Marcus Updateinfo to OVAL Converter 5.5 2025-01-29T14:32:57 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the apparmor-parser-2.13.4-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-6507 at SUSE CVE-2017-6507 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the augeas-1.10.1-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2012-0786 at SUSE CVE-2012-0786 at NVD CVE-2014-8119 at SUSE CVE-2014-8119 at NVD CVE-2017-7555 at SUSE CVE-2017-7555 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the bash-4.4-9.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9401 at SUSE CVE-2016-9401 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the btrfsmaintenance-0.4.2-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-14722 at SUSE CVE-2018-14722 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the chrony-3.2-9.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-1567 at SUSE CVE-2016-1567 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2020-10749 at SUSE CVE-2020-10749 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the containerd-1.3.9-5.29.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD CVE-2020-15157 at SUSE CVE-2020-15157 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the coreutils-8.29-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-0221 at SUSE CVE-2013-0221 at NVD CVE-2013-0222 at SUSE CVE-2013-0222 at NVD CVE-2013-0223 at SUSE CVE-2013-0223 at NVD CVE-2015-4041 at SUSE CVE-2015-4041 at NVD CVE-2015-4042 at SUSE CVE-2015-4042 at NVD CVE-2017-7476 at SUSE CVE-2017-7476 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the cpio-2.12-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9112 at SUSE CVE-2014-9112 at NVD CVE-2016-2037 at SUSE CVE-2016-2037 at NVD CVE-2019-14866 at SUSE CVE-2019-14866 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the cracklib-2.9.7-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-6318 at SUSE CVE-2016-6318 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the curl-7.66.0-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8150 at SUSE CVE-2014-8150 at NVD CVE-2015-3143 at SUSE CVE-2015-3143 at NVD CVE-2015-3144 at SUSE CVE-2015-3144 at NVD CVE-2015-3145 at SUSE CVE-2015-3145 at NVD CVE-2015-3148 at SUSE CVE-2015-3148 at NVD CVE-2015-3153 at SUSE CVE-2015-3153 at NVD CVE-2015-3236 at SUSE CVE-2015-3236 at NVD CVE-2015-3237 at SUSE CVE-2015-3237 at NVD CVE-2016-0755 at SUSE CVE-2016-0755 at NVD CVE-2016-7167 at SUSE CVE-2016-7167 at NVD CVE-2016-8615 at SUSE CVE-2016-8615 at NVD CVE-2016-8616 at SUSE CVE-2016-8616 at NVD CVE-2016-8617 at SUSE CVE-2016-8617 at NVD CVE-2016-8618 at SUSE CVE-2016-8618 at NVD CVE-2016-8619 at SUSE CVE-2016-8619 at NVD CVE-2016-8620 at SUSE CVE-2016-8620 at NVD CVE-2016-8621 at SUSE CVE-2016-8621 at NVD CVE-2016-8622 at SUSE CVE-2016-8622 at NVD CVE-2016-8623 at SUSE CVE-2016-8623 at NVD CVE-2016-8624 at SUSE CVE-2016-8624 at NVD CVE-2016-8625 at SUSE CVE-2016-8625 at NVD CVE-2016-9586 at SUSE CVE-2016-9586 at NVD CVE-2016-9594 at SUSE CVE-2016-9594 at NVD CVE-2017-1000099 at SUSE CVE-2017-1000099 at NVD CVE-2017-1000100 at SUSE CVE-2017-1000100 at NVD CVE-2017-1000101 at SUSE CVE-2017-1000101 at NVD CVE-2017-1000254 at SUSE CVE-2017-1000254 at NVD CVE-2017-1000257 at SUSE CVE-2017-1000257 at NVD CVE-2017-2629 at SUSE CVE-2017-2629 at NVD CVE-2017-7468 at SUSE CVE-2017-7468 at NVD CVE-2017-8816 at SUSE CVE-2017-8816 at NVD CVE-2017-8817 at SUSE CVE-2017-8817 at NVD CVE-2017-8818 at SUSE CVE-2017-8818 at NVD CVE-2017-9502 at SUSE CVE-2017-9502 at NVD CVE-2018-0500 at SUSE CVE-2018-0500 at NVD CVE-2018-1000005 at SUSE CVE-2018-1000005 at NVD CVE-2018-1000007 at SUSE CVE-2018-1000007 at NVD CVE-2018-1000120 at SUSE CVE-2018-1000120 at NVD CVE-2018-1000121 at SUSE CVE-2018-1000121 at NVD CVE-2018-1000122 at SUSE CVE-2018-1000122 at NVD CVE-2018-1000300 at SUSE CVE-2018-1000300 at NVD CVE-2018-1000301 at SUSE CVE-2018-1000301 at NVD CVE-2018-14618 at SUSE CVE-2018-14618 at NVD CVE-2018-16839 at SUSE CVE-2018-16839 at NVD CVE-2018-16840 at SUSE CVE-2018-16840 at NVD CVE-2018-16842 at SUSE CVE-2018-16842 at NVD CVE-2018-16890 at SUSE CVE-2018-16890 at NVD CVE-2019-3822 at SUSE CVE-2019-3822 at NVD CVE-2019-3823 at SUSE CVE-2019-3823 at NVD CVE-2019-5435 at SUSE CVE-2019-5435 at NVD CVE-2019-5436 at SUSE CVE-2019-5436 at NVD CVE-2019-5481 at SUSE CVE-2019-5481 at NVD CVE-2019-5482 at SUSE CVE-2019-5482 at NVD CVE-2020-8169 at SUSE CVE-2020-8169 at NVD CVE-2020-8177 at SUSE CVE-2020-8177 at NVD CVE-2020-8231 at SUSE CVE-2020-8231 at NVD CVE-2020-8284 at SUSE CVE-2020-8284 at NVD CVE-2020-8285 at SUSE CVE-2020-8285 at NVD CVE-2020-8286 at SUSE CVE-2020-8286 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the dbus-1-1.12.2-8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3636 at SUSE CVE-2014-3636 at NVD CVE-2014-3637 at SUSE CVE-2014-3637 at NVD CVE-2014-3639 at SUSE CVE-2014-3639 at NVD CVE-2014-7824 at SUSE CVE-2014-7824 at NVD CVE-2014-8148 at SUSE CVE-2014-8148 at NVD CVE-2015-0245 at SUSE CVE-2015-0245 at NVD CVE-2019-12749 at SUSE CVE-2019-12749 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the dbus-1-glib-0.108-1.29 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2010-1172 at SUSE CVE-2010-1172 at NVD CVE-2013-0292 at SUSE CVE-2013-0292 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the docker-19.03.15_ce-6.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-5277 at SUSE CVE-2014-5277 at NVD CVE-2014-6407 at SUSE CVE-2014-6407 at NVD CVE-2014-6408 at SUSE CVE-2014-6408 at NVD CVE-2014-8178 at SUSE CVE-2014-8178 at NVD CVE-2014-8179 at SUSE CVE-2014-8179 at NVD CVE-2014-9356 at SUSE CVE-2014-9356 at NVD CVE-2014-9357 at SUSE CVE-2014-9357 at NVD CVE-2014-9358 at SUSE CVE-2014-9358 at NVD CVE-2015-3627 at SUSE CVE-2015-3627 at NVD CVE-2015-3629 at SUSE CVE-2015-3629 at NVD CVE-2015-3630 at SUSE CVE-2015-3630 at NVD CVE-2015-3631 at SUSE CVE-2015-3631 at NVD CVE-2016-3697 at SUSE CVE-2016-3697 at NVD CVE-2016-8867 at SUSE CVE-2016-8867 at NVD CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2017-14992 at SUSE CVE-2017-14992 at NVD CVE-2017-16539 at SUSE CVE-2017-16539 at NVD CVE-2018-10892 at SUSE CVE-2018-10892 at NVD CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2018-20699 at SUSE CVE-2018-20699 at NVD CVE-2019-13509 at SUSE CVE-2019-13509 at NVD CVE-2019-14271 at SUSE CVE-2019-14271 at NVD CVE-2020-13401 at SUSE CVE-2020-13401 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2021-21284 at SUSE CVE-2021-21284 at NVD CVE-2021-21285 at SUSE CVE-2021-21285 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2019-16884 at SUSE CVE-2019-16884 at NVD CVE-2019-19921 at SUSE CVE-2019-19921 at NVD CVE-2019-5736 at SUSE CVE-2019-5736 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the dracut-049.1+suse.186.g320cc3d1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-8637 at SUSE CVE-2016-8637 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the e2fsprogs-1.43.8-4.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-0247 at SUSE CVE-2015-0247 at NVD CVE-2015-1572 at SUSE CVE-2015-1572 at NVD CVE-2019-5094 at SUSE CVE-2019-5094 at NVD CVE-2019-5188 at SUSE CVE-2019-5188 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9447 at SUSE CVE-2014-9447 at NVD CVE-2017-7607 at SUSE CVE-2017-7607 at NVD CVE-2017-7608 at SUSE CVE-2017-7608 at NVD CVE-2017-7609 at SUSE CVE-2017-7609 at NVD CVE-2017-7610 at SUSE CVE-2017-7610 at NVD CVE-2017-7611 at SUSE CVE-2017-7611 at NVD CVE-2017-7612 at SUSE CVE-2017-7612 at NVD CVE-2017-7613 at SUSE CVE-2017-7613 at NVD CVE-2018-16062 at SUSE CVE-2018-16062 at NVD CVE-2018-16402 at SUSE CVE-2018-16402 at NVD CVE-2018-16403 at SUSE CVE-2018-16403 at NVD CVE-2018-18310 at SUSE CVE-2018-18310 at NVD CVE-2018-18520 at SUSE CVE-2018-18520 at NVD CVE-2018-18521 at SUSE CVE-2018-18521 at NVD CVE-2019-7150 at SUSE CVE-2019-7150 at NVD CVE-2019-7665 at SUSE CVE-2019-7665 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the file-5.32-7.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3710 at SUSE CVE-2014-3710 at NVD CVE-2014-8116 at SUSE CVE-2014-8116 at NVD CVE-2014-8117 at SUSE CVE-2014-8117 at NVD CVE-2017-1000249 at SUSE CVE-2017-1000249 at NVD CVE-2018-10360 at SUSE CVE-2018-10360 at NVD CVE-2019-18218 at SUSE CVE-2019-18218 at NVD CVE-2019-8905 at SUSE CVE-2019-8905 at NVD CVE-2019-8906 at SUSE CVE-2019-8906 at NVD CVE-2019-8907 at SUSE CVE-2019-8907 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the firewalld-0.5.5-4.24.9 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-5410 at SUSE CVE-2016-5410 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2009-3297 at SUSE CVE-2009-3297 at NVD CVE-2011-0541 at SUSE CVE-2011-0541 at NVD CVE-2015-3202 at SUSE CVE-2015-3202 at NVD CVE-2018-10906 at SUSE CVE-2018-10906 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the gettext-runtime-0.19.8.1-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-18751 at SUSE CVE-2018-18751 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the glib2-tools-2.62.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-16428 at SUSE CVE-2018-16428 at NVD CVE-2018-16429 at SUSE CVE-2018-16429 at NVD CVE-2019-12450 at SUSE CVE-2019-12450 at NVD CVE-2020-6750 at SUSE CVE-2020-6750 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the glibc-2.26-13.51.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2009-5155 at SUSE CVE-2009-5155 at NVD CVE-2010-3192 at SUSE CVE-2010-3192 at NVD CVE-2012-3406 at SUSE CVE-2012-3406 at NVD CVE-2013-4458 at SUSE CVE-2013-4458 at NVD CVE-2014-7817 at SUSE CVE-2014-7817 at NVD CVE-2014-8121 at SUSE CVE-2014-8121 at NVD CVE-2014-9402 at SUSE CVE-2014-9402 at NVD CVE-2014-9761 at SUSE CVE-2014-9761 at NVD CVE-2015-1472 at SUSE CVE-2015-1472 at NVD CVE-2015-1473 at SUSE CVE-2015-1473 at NVD CVE-2015-1781 at SUSE CVE-2015-1781 at NVD CVE-2015-5180 at SUSE CVE-2015-5180 at NVD CVE-2015-7547 at SUSE CVE-2015-7547 at NVD CVE-2015-8776 at SUSE CVE-2015-8776 at NVD CVE-2015-8777 at SUSE CVE-2015-8777 at NVD CVE-2015-8778 at SUSE CVE-2015-8778 at NVD CVE-2015-8779 at SUSE CVE-2015-8779 at NVD CVE-2016-10739 at SUSE CVE-2016-10739 at NVD CVE-2016-1234 at SUSE CVE-2016-1234 at NVD CVE-2016-3075 at SUSE CVE-2016-3075 at NVD CVE-2016-3706 at SUSE CVE-2016-3706 at NVD CVE-2016-4429 at SUSE CVE-2016-4429 at NVD CVE-2016-5417 at SUSE CVE-2016-5417 at NVD CVE-2016-6323 at SUSE CVE-2016-6323 at NVD CVE-2017-1000366 at SUSE CVE-2017-1000366 at NVD CVE-2017-1000408 at SUSE CVE-2017-1000408 at NVD CVE-2017-1000409 at SUSE CVE-2017-1000409 at NVD CVE-2017-12132 at SUSE CVE-2017-12132 at NVD CVE-2017-12133 at SUSE CVE-2017-12133 at NVD CVE-2017-15670 at SUSE CVE-2017-15670 at NVD CVE-2017-15671 at SUSE CVE-2017-15671 at NVD CVE-2017-15804 at SUSE CVE-2017-15804 at NVD CVE-2017-16997 at SUSE CVE-2017-16997 at NVD CVE-2017-17426 at SUSE CVE-2017-17426 at NVD CVE-2017-18269 at SUSE CVE-2017-18269 at NVD CVE-2018-1000001 at SUSE CVE-2018-1000001 at NVD CVE-2018-11236 at SUSE CVE-2018-11236 at NVD CVE-2018-11237 at SUSE CVE-2018-11237 at NVD CVE-2018-6485 at SUSE CVE-2018-6485 at NVD CVE-2018-6551 at SUSE CVE-2018-6551 at NVD CVE-2019-19126 at SUSE CVE-2019-19126 at NVD CVE-2019-9169 at SUSE CVE-2019-9169 at NVD CVE-2020-10029 at SUSE CVE-2020-10029 at NVD CVE-2020-1751 at SUSE CVE-2020-1751 at NVD CVE-2020-1752 at SUSE CVE-2020-1752 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the gpg2-2.2.5-4.14.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-1000858 at SUSE CVE-2018-1000858 at NVD CVE-2018-12020 at SUSE CVE-2018-12020 at NVD CVE-2018-9234 at SUSE CVE-2018-9234 at NVD CVE-2019-13050 at SUSE CVE-2019-13050 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-1345 at SUSE CVE-2015-1345 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the grub2-2.04-9.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-8370 at SUSE CVE-2015-8370 at NVD CVE-2020-10713 at SUSE CVE-2020-10713 at NVD CVE-2020-14308 at SUSE CVE-2020-14308 at NVD CVE-2020-14309 at SUSE CVE-2020-14309 at NVD CVE-2020-14310 at SUSE CVE-2020-14310 at NVD CVE-2020-14311 at SUSE CVE-2020-14311 at NVD CVE-2020-15705 at SUSE CVE-2020-15705 at NVD CVE-2020-15706 at SUSE CVE-2020-15706 at NVD CVE-2020-15707 at SUSE CVE-2020-15707 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the gstreamer-1.16.2-1.53 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-10198 at SUSE CVE-2016-10198 at NVD CVE-2016-10199 at SUSE CVE-2016-10199 at NVD CVE-2017-5837 at SUSE CVE-2017-5837 at NVD CVE-2017-5838 at SUSE CVE-2017-5838 at NVD CVE-2017-5839 at SUSE CVE-2017-5839 at NVD CVE-2017-5840 at SUSE CVE-2017-5840 at NVD CVE-2017-5841 at SUSE CVE-2017-5841 at NVD CVE-2017-5842 at SUSE CVE-2017-5842 at NVD CVE-2017-5843 at SUSE CVE-2017-5843 at NVD CVE-2017-5844 at SUSE CVE-2017-5844 at NVD CVE-2017-5845 at SUSE CVE-2017-5845 at NVD CVE-2017-5846 at SUSE CVE-2017-5846 at NVD CVE-2017-5847 at SUSE CVE-2017-5847 at NVD CVE-2017-5848 at SUSE CVE-2017-5848 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the gstreamer-plugins-base-1.16.2-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-9928 at SUSE CVE-2019-9928 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the hardlink-1.0+git.e66999f-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2011-3630 at SUSE CVE-2011-3630 at NVD CVE-2011-3631 at SUSE CVE-2011-3631 at NVD CVE-2011-3632 at SUSE CVE-2011-3632 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the kdump-0.9.0-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-5759 at SUSE CVE-2016-5759 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the kernel-default-5.3.18-24.49.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-1000251 at SUSE CVE-2017-1000251 at NVD CVE-2017-12153 at SUSE CVE-2017-12153 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-14051 at SUSE CVE-2017-14051 at NVD CVE-2017-16536 at SUSE CVE-2017-16536 at NVD CVE-2017-16537 at SUSE CVE-2017-16537 at NVD CVE-2017-16646 at SUSE CVE-2017-16646 at NVD CVE-2017-16648 at SUSE CVE-2017-16648 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2018-10323 at SUSE CVE-2018-10323 at NVD CVE-2018-12232 at SUSE CVE-2018-12232 at NVD CVE-2018-13053 at SUSE CVE-2018-13053 at NVD CVE-2018-20669 at SUSE CVE-2018-20669 at NVD CVE-2019-0154 at SUSE CVE-2019-0154 at NVD CVE-2019-0155 at SUSE CVE-2019-0155 at NVD CVE-2019-10220 at SUSE CVE-2019-10220 at NVD CVE-2019-11477 at SUSE CVE-2019-11477 at NVD CVE-2019-11478 at SUSE CVE-2019-11478 at NVD CVE-2019-11479 at SUSE CVE-2019-11479 at NVD CVE-2019-14615 at SUSE CVE-2019-14615 at NVD CVE-2019-14814 at SUSE CVE-2019-14814 at NVD CVE-2019-14815 at SUSE CVE-2019-14815 at NVD CVE-2019-14816 at SUSE CVE-2019-14816 at NVD CVE-2019-14895 at SUSE CVE-2019-14895 at NVD CVE-2019-14896 at SUSE CVE-2019-14896 at NVD CVE-2019-14897 at SUSE CVE-2019-14897 at NVD CVE-2019-14901 at SUSE CVE-2019-14901 at NVD CVE-2019-15030 at SUSE CVE-2019-15030 at NVD CVE-2019-15031 at SUSE CVE-2019-15031 at NVD CVE-2019-15098 at SUSE CVE-2019-15098 at NVD CVE-2019-15099 at SUSE CVE-2019-15099 at NVD CVE-2019-15290 at SUSE CVE-2019-15290 at NVD CVE-2019-15291 at SUSE CVE-2019-15291 at NVD CVE-2019-15504 at SUSE CVE-2019-15504 at NVD CVE-2019-16231 at SUSE CVE-2019-16231 at NVD CVE-2019-16232 at SUSE CVE-2019-16232 at NVD CVE-2019-16233 at SUSE CVE-2019-16233 at NVD CVE-2019-16234 at SUSE CVE-2019-16234 at NVD CVE-2019-17133 at SUSE CVE-2019-17133 at NVD CVE-2019-17666 at SUSE CVE-2019-17666 at NVD CVE-2019-18198 at SUSE CVE-2019-18198 at NVD CVE-2019-18660 at SUSE CVE-2019-18660 at NVD CVE-2019-18683 at SUSE CVE-2019-18683 at NVD CVE-2019-18786 at SUSE CVE-2019-18786 at NVD CVE-2019-18808 at SUSE CVE-2019-18808 at NVD CVE-2019-18809 at SUSE CVE-2019-18809 at NVD CVE-2019-18811 at SUSE CVE-2019-18811 at NVD CVE-2019-18812 at SUSE CVE-2019-18812 at NVD CVE-2019-18813 at SUSE CVE-2019-18813 at NVD CVE-2019-19037 at SUSE CVE-2019-19037 at NVD CVE-2019-19043 at SUSE CVE-2019-19043 at NVD CVE-2019-19044 at SUSE CVE-2019-19044 at NVD CVE-2019-19045 at SUSE CVE-2019-19045 at NVD CVE-2019-19046 at SUSE CVE-2019-19046 at NVD CVE-2019-19047 at SUSE CVE-2019-19047 at NVD CVE-2019-19048 at SUSE CVE-2019-19048 at NVD CVE-2019-19049 at SUSE CVE-2019-19049 at NVD CVE-2019-19050 at SUSE CVE-2019-19050 at NVD CVE-2019-19051 at SUSE CVE-2019-19051 at NVD CVE-2019-19052 at SUSE CVE-2019-19052 at NVD CVE-2019-19053 at SUSE CVE-2019-19053 at NVD CVE-2019-19054 at SUSE CVE-2019-19054 at NVD CVE-2019-19055 at SUSE CVE-2019-19055 at NVD CVE-2019-19056 at SUSE CVE-2019-19056 at NVD CVE-2019-19057 at SUSE CVE-2019-19057 at NVD CVE-2019-19058 at SUSE CVE-2019-19058 at NVD CVE-2019-19060 at SUSE CVE-2019-19060 at NVD CVE-2019-19061 at SUSE CVE-2019-19061 at NVD CVE-2019-19062 at SUSE CVE-2019-19062 at NVD CVE-2019-19063 at SUSE CVE-2019-19063 at NVD CVE-2019-19064 at SUSE CVE-2019-19064 at NVD CVE-2019-19065 at SUSE CVE-2019-19065 at NVD CVE-2019-19066 at SUSE CVE-2019-19066 at NVD CVE-2019-19067 at SUSE CVE-2019-19067 at NVD CVE-2019-19068 at SUSE CVE-2019-19068 at NVD CVE-2019-19069 at SUSE CVE-2019-19069 at NVD CVE-2019-19070 at SUSE CVE-2019-19070 at NVD CVE-2019-19071 at SUSE CVE-2019-19071 at NVD CVE-2019-19072 at SUSE CVE-2019-19072 at NVD CVE-2019-19073 at SUSE CVE-2019-19073 at NVD CVE-2019-19074 at SUSE CVE-2019-19074 at NVD CVE-2019-19075 at SUSE CVE-2019-19075 at NVD CVE-2019-19077 at SUSE CVE-2019-19077 at NVD CVE-2019-19078 at SUSE CVE-2019-19078 at NVD CVE-2019-19080 at SUSE CVE-2019-19080 at NVD CVE-2019-19081 at SUSE CVE-2019-19081 at NVD CVE-2019-19082 at SUSE CVE-2019-19082 at NVD CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2019-19241 at SUSE CVE-2019-19241 at NVD CVE-2019-19252 at SUSE CVE-2019-19252 at NVD CVE-2019-19332 at SUSE CVE-2019-19332 at NVD CVE-2019-19338 at SUSE CVE-2019-19338 at NVD CVE-2019-19447 at SUSE CVE-2019-19447 at NVD CVE-2019-19462 at SUSE CVE-2019-19462 at NVD CVE-2019-19523 at SUSE CVE-2019-19523 at NVD CVE-2019-19524 at SUSE CVE-2019-19524 at NVD CVE-2019-19525 at SUSE CVE-2019-19525 at NVD CVE-2019-19526 at SUSE CVE-2019-19526 at NVD CVE-2019-19528 at SUSE CVE-2019-19528 at NVD CVE-2019-19529 at SUSE CVE-2019-19529 at NVD CVE-2019-19532 at SUSE CVE-2019-19532 at NVD CVE-2019-19533 at SUSE CVE-2019-19533 at NVD CVE-2019-19534 at SUSE CVE-2019-19534 at NVD CVE-2019-19602 at SUSE CVE-2019-19602 at NVD CVE-2019-19767 at SUSE CVE-2019-19767 at NVD CVE-2019-19768 at SUSE CVE-2019-19768 at NVD CVE-2019-19770 at SUSE CVE-2019-19770 at NVD CVE-2019-19807 at SUSE CVE-2019-19807 at NVD CVE-2019-19922 at SUSE CVE-2019-19922 at NVD CVE-2019-19947 at SUSE CVE-2019-19947 at NVD CVE-2019-19965 at SUSE CVE-2019-19965 at NVD CVE-2019-20422 at SUSE CVE-2019-20422 at NVD CVE-2019-20810 at SUSE CVE-2019-20810 at NVD CVE-2019-20812 at SUSE CVE-2019-20812 at NVD CVE-2019-3016 at SUSE CVE-2019-3016 at NVD CVE-2019-8912 at SUSE CVE-2019-8912 at NVD CVE-2020-0110 at SUSE CVE-2020-0110 at NVD CVE-2020-0305 at SUSE CVE-2020-0305 at NVD CVE-2020-0404 at SUSE CVE-2020-0404 at NVD CVE-2020-0427 at SUSE CVE-2020-0427 at NVD CVE-2020-0431 at SUSE CVE-2020-0431 at NVD CVE-2020-0432 at SUSE CVE-2020-0432 at NVD CVE-2020-0444 at SUSE CVE-2020-0444 at NVD CVE-2020-0465 at SUSE CVE-2020-0465 at NVD CVE-2020-0466 at SUSE CVE-2020-0466 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-10135 at SUSE CVE-2020-10135 at NVD CVE-2020-10690 at SUSE CVE-2020-10690 at NVD CVE-2020-10711 at SUSE CVE-2020-10711 at NVD CVE-2020-10732 at SUSE CVE-2020-10732 at NVD CVE-2020-10751 at SUSE CVE-2020-10751 at NVD CVE-2020-10757 at SUSE CVE-2020-10757 at NVD CVE-2020-10766 at SUSE CVE-2020-10766 at NVD CVE-2020-10767 at SUSE CVE-2020-10767 at NVD CVE-2020-10768 at SUSE CVE-2020-10768 at NVD CVE-2020-10773 at SUSE CVE-2020-10773 at NVD CVE-2020-10781 at SUSE CVE-2020-10781 at NVD CVE-2020-10942 at SUSE CVE-2020-10942 at NVD CVE-2020-11494 at SUSE CVE-2020-11494 at NVD CVE-2020-11608 at SUSE CVE-2020-11608 at NVD CVE-2020-11668 at SUSE CVE-2020-11668 at NVD CVE-2020-11884 at SUSE CVE-2020-11884 at NVD CVE-2020-12351 at SUSE CVE-2020-12351 at NVD CVE-2020-12352 at SUSE CVE-2020-12352 at NVD CVE-2020-12464 at SUSE CVE-2020-12464 at NVD CVE-2020-12465 at SUSE CVE-2020-12465 at NVD CVE-2020-12652 at SUSE CVE-2020-12652 at NVD CVE-2020-12653 at SUSE CVE-2020-12653 at NVD CVE-2020-12654 at SUSE CVE-2020-12654 at NVD CVE-2020-12655 at SUSE CVE-2020-12655 at NVD CVE-2020-12656 at SUSE CVE-2020-12656 at NVD CVE-2020-12657 at SUSE CVE-2020-12657 at NVD CVE-2020-12659 at SUSE CVE-2020-12659 at NVD CVE-2020-12769 at SUSE CVE-2020-12769 at NVD CVE-2020-12771 at SUSE CVE-2020-12771 at NVD CVE-2020-12888 at SUSE CVE-2020-12888 at NVD CVE-2020-13143 at SUSE CVE-2020-13143 at NVD CVE-2020-13974 at SUSE CVE-2020-13974 at NVD CVE-2020-14314 at SUSE CVE-2020-14314 at NVD CVE-2020-14331 at SUSE CVE-2020-14331 at NVD CVE-2020-14351 at SUSE CVE-2020-14351 at NVD CVE-2020-14356 at SUSE CVE-2020-14356 at NVD CVE-2020-14385 at SUSE CVE-2020-14385 at NVD CVE-2020-14386 at SUSE CVE-2020-14386 at NVD CVE-2020-14390 at SUSE CVE-2020-14390 at NVD CVE-2020-14416 at SUSE CVE-2020-14416 at NVD CVE-2020-15393 at SUSE CVE-2020-15393 at NVD CVE-2020-15436 at SUSE CVE-2020-15436 at NVD CVE-2020-15437 at SUSE CVE-2020-15437 at NVD CVE-2020-15780 at SUSE CVE-2020-15780 at NVD CVE-2020-16120 at SUSE CVE-2020-16120 at NVD CVE-2020-16166 at SUSE CVE-2020-16166 at NVD CVE-2020-1749 at SUSE CVE-2020-1749 at NVD CVE-2020-24490 at SUSE CVE-2020-24490 at NVD CVE-2020-2521 at SUSE CVE-2020-2521 at NVD CVE-2020-25211 at SUSE CVE-2020-25211 at NVD CVE-2020-25212 at SUSE CVE-2020-25212 at NVD CVE-2020-25284 at SUSE CVE-2020-25284 at NVD CVE-2020-25285 at SUSE CVE-2020-25285 at NVD CVE-2020-25639 at SUSE CVE-2020-25639 at NVD CVE-2020-25641 at SUSE CVE-2020-25641 at NVD CVE-2020-25643 at SUSE CVE-2020-25643 at NVD CVE-2020-25645 at SUSE CVE-2020-25645 at NVD CVE-2020-25656 at SUSE CVE-2020-25656 at NVD CVE-2020-25668 at SUSE CVE-2020-25668 at NVD CVE-2020-25669 at SUSE CVE-2020-25669 at NVD CVE-2020-25704 at SUSE CVE-2020-25704 at NVD CVE-2020-25705 at SUSE CVE-2020-25705 at NVD CVE-2020-26088 at SUSE CVE-2020-26088 at NVD CVE-2020-27068 at SUSE CVE-2020-27068 at NVD CVE-2020-2732 at SUSE CVE-2020-2732 at NVD CVE-2020-27673 at SUSE CVE-2020-27673 at NVD CVE-2020-27675 at SUSE CVE-2020-27675 at NVD CVE-2020-27777 at SUSE CVE-2020-27777 at NVD CVE-2020-27786 at SUSE CVE-2020-27786 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2020-27830 at SUSE CVE-2020-27830 at NVD CVE-2020-27835 at SUSE CVE-2020-27835 at NVD CVE-2020-28374 at SUSE CVE-2020-28374 at NVD CVE-2020-28915 at SUSE CVE-2020-28915 at NVD CVE-2020-28941 at SUSE CVE-2020-28941 at NVD CVE-2020-28974 at SUSE CVE-2020-28974 at NVD CVE-2020-29369 at SUSE CVE-2020-29369 at NVD CVE-2020-29370 at SUSE CVE-2020-29370 at NVD CVE-2020-29371 at SUSE CVE-2020-29371 at NVD CVE-2020-29373 at SUSE CVE-2020-29373 at NVD CVE-2020-29568 at SUSE CVE-2020-29568 at NVD CVE-2020-29569 at SUSE CVE-2020-29569 at NVD CVE-2020-29660 at SUSE CVE-2020-29660 at NVD CVE-2020-29661 at SUSE CVE-2020-29661 at NVD CVE-2020-36158 at SUSE CVE-2020-36158 at NVD CVE-2020-4788 at SUSE CVE-2020-4788 at NVD CVE-2020-8428 at SUSE CVE-2020-8428 at NVD CVE-2020-8647 at SUSE CVE-2020-8647 at NVD CVE-2020-8648 at SUSE CVE-2020-8648 at NVD CVE-2020-8649 at SUSE CVE-2020-8649 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8835 at SUSE CVE-2020-8835 at NVD CVE-2020-8992 at SUSE CVE-2020-8992 at NVD CVE-2020-9383 at SUSE CVE-2020-9383 at NVD CVE-2021-0342 at SUSE CVE-2021-0342 at NVD CVE-2021-20177 at SUSE CVE-2021-20177 at NVD CVE-2021-3347 at SUSE CVE-2021-3347 at NVD CVE-2021-3348 at SUSE CVE-2021-3348 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the kernel-firmware-20200107-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2019-9836 at SUSE CVE-2019-9836 at NVD CVE-2020-12321 at SUSE CVE-2020-12321 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the kernel-rt-5.3.18-8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-1000251 at SUSE CVE-2017-1000251 at NVD CVE-2017-12153 at SUSE CVE-2017-12153 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-14051 at SUSE CVE-2017-14051 at NVD CVE-2017-16536 at SUSE CVE-2017-16536 at NVD CVE-2017-16537 at SUSE CVE-2017-16537 at NVD CVE-2017-16646 at SUSE CVE-2017-16646 at NVD CVE-2017-16648 at SUSE CVE-2017-16648 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2018-10323 at SUSE CVE-2018-10323 at NVD CVE-2018-12232 at SUSE CVE-2018-12232 at NVD CVE-2018-13053 at SUSE CVE-2018-13053 at NVD CVE-2018-20669 at SUSE CVE-2018-20669 at NVD CVE-2019-0154 at SUSE CVE-2019-0154 at NVD CVE-2019-0155 at SUSE CVE-2019-0155 at NVD CVE-2019-10220 at SUSE CVE-2019-10220 at NVD CVE-2019-11477 at SUSE CVE-2019-11477 at NVD CVE-2019-11478 at SUSE CVE-2019-11478 at NVD CVE-2019-11479 at SUSE CVE-2019-11479 at NVD CVE-2019-14615 at SUSE CVE-2019-14615 at NVD CVE-2019-14814 at SUSE CVE-2019-14814 at NVD CVE-2019-14815 at SUSE CVE-2019-14815 at NVD CVE-2019-14816 at SUSE CVE-2019-14816 at NVD CVE-2019-14895 at SUSE CVE-2019-14895 at NVD CVE-2019-14896 at SUSE CVE-2019-14896 at NVD CVE-2019-14897 at SUSE CVE-2019-14897 at NVD CVE-2019-14901 at SUSE CVE-2019-14901 at NVD CVE-2019-15030 at SUSE CVE-2019-15030 at NVD CVE-2019-15031 at SUSE CVE-2019-15031 at NVD CVE-2019-15098 at SUSE CVE-2019-15098 at NVD CVE-2019-15099 at SUSE CVE-2019-15099 at NVD CVE-2019-15290 at SUSE CVE-2019-15290 at NVD CVE-2019-15291 at SUSE CVE-2019-15291 at NVD CVE-2019-15504 at SUSE CVE-2019-15504 at NVD CVE-2019-16231 at SUSE CVE-2019-16231 at NVD CVE-2019-16232 at SUSE CVE-2019-16232 at NVD CVE-2019-16233 at SUSE CVE-2019-16233 at NVD CVE-2019-16234 at SUSE CVE-2019-16234 at NVD CVE-2019-17133 at SUSE CVE-2019-17133 at NVD CVE-2019-17666 at SUSE CVE-2019-17666 at NVD CVE-2019-18198 at SUSE CVE-2019-18198 at NVD CVE-2019-18660 at SUSE CVE-2019-18660 at NVD CVE-2019-18683 at SUSE CVE-2019-18683 at NVD CVE-2019-18786 at SUSE CVE-2019-18786 at NVD CVE-2019-18808 at SUSE CVE-2019-18808 at NVD CVE-2019-18809 at SUSE CVE-2019-18809 at NVD CVE-2019-18811 at SUSE CVE-2019-18811 at NVD CVE-2019-18812 at SUSE CVE-2019-18812 at NVD CVE-2019-18813 at SUSE CVE-2019-18813 at NVD CVE-2019-19037 at SUSE CVE-2019-19037 at NVD CVE-2019-19043 at SUSE CVE-2019-19043 at NVD CVE-2019-19044 at SUSE CVE-2019-19044 at NVD CVE-2019-19045 at SUSE CVE-2019-19045 at NVD CVE-2019-19046 at SUSE CVE-2019-19046 at NVD CVE-2019-19047 at SUSE CVE-2019-19047 at NVD CVE-2019-19048 at SUSE CVE-2019-19048 at NVD CVE-2019-19049 at SUSE CVE-2019-19049 at NVD CVE-2019-19050 at SUSE CVE-2019-19050 at NVD CVE-2019-19051 at SUSE CVE-2019-19051 at NVD CVE-2019-19052 at SUSE CVE-2019-19052 at NVD CVE-2019-19053 at SUSE CVE-2019-19053 at NVD CVE-2019-19054 at SUSE CVE-2019-19054 at NVD CVE-2019-19055 at SUSE CVE-2019-19055 at NVD CVE-2019-19056 at SUSE CVE-2019-19056 at NVD CVE-2019-19057 at SUSE CVE-2019-19057 at NVD CVE-2019-19058 at SUSE CVE-2019-19058 at NVD CVE-2019-19060 at SUSE CVE-2019-19060 at NVD CVE-2019-19061 at SUSE CVE-2019-19061 at NVD CVE-2019-19062 at SUSE CVE-2019-19062 at NVD CVE-2019-19063 at SUSE CVE-2019-19063 at NVD CVE-2019-19064 at SUSE CVE-2019-19064 at NVD CVE-2019-19065 at SUSE CVE-2019-19065 at NVD CVE-2019-19066 at SUSE CVE-2019-19066 at NVD CVE-2019-19067 at SUSE CVE-2019-19067 at NVD CVE-2019-19068 at SUSE CVE-2019-19068 at NVD CVE-2019-19069 at SUSE CVE-2019-19069 at NVD CVE-2019-19070 at SUSE CVE-2019-19070 at NVD CVE-2019-19071 at SUSE CVE-2019-19071 at NVD CVE-2019-19072 at SUSE CVE-2019-19072 at NVD CVE-2019-19073 at SUSE CVE-2019-19073 at NVD CVE-2019-19074 at SUSE CVE-2019-19074 at NVD CVE-2019-19075 at SUSE CVE-2019-19075 at NVD CVE-2019-19077 at SUSE CVE-2019-19077 at NVD CVE-2019-19078 at SUSE CVE-2019-19078 at NVD CVE-2019-19080 at SUSE CVE-2019-19080 at NVD CVE-2019-19081 at SUSE CVE-2019-19081 at NVD CVE-2019-19082 at SUSE CVE-2019-19082 at NVD CVE-2019-19083 at SUSE CVE-2019-19083 at NVD CVE-2019-19241 at SUSE CVE-2019-19241 at NVD CVE-2019-19252 at SUSE CVE-2019-19252 at NVD CVE-2019-19332 at SUSE CVE-2019-19332 at NVD CVE-2019-19338 at SUSE CVE-2019-19338 at NVD CVE-2019-19447 at SUSE CVE-2019-19447 at NVD CVE-2019-19462 at SUSE CVE-2019-19462 at NVD CVE-2019-19523 at SUSE CVE-2019-19523 at NVD CVE-2019-19524 at SUSE CVE-2019-19524 at NVD CVE-2019-19525 at SUSE CVE-2019-19525 at NVD CVE-2019-19526 at SUSE CVE-2019-19526 at NVD CVE-2019-19528 at SUSE CVE-2019-19528 at NVD CVE-2019-19529 at SUSE CVE-2019-19529 at NVD CVE-2019-19532 at SUSE CVE-2019-19532 at NVD CVE-2019-19533 at SUSE CVE-2019-19533 at NVD CVE-2019-19534 at SUSE CVE-2019-19534 at NVD CVE-2019-19602 at SUSE CVE-2019-19602 at NVD CVE-2019-19767 at SUSE CVE-2019-19767 at NVD CVE-2019-19768 at SUSE CVE-2019-19768 at NVD CVE-2019-19770 at SUSE CVE-2019-19770 at NVD CVE-2019-19807 at SUSE CVE-2019-19807 at NVD CVE-2019-19922 at SUSE CVE-2019-19922 at NVD CVE-2019-19947 at SUSE CVE-2019-19947 at NVD CVE-2019-19965 at SUSE CVE-2019-19965 at NVD CVE-2019-20422 at SUSE CVE-2019-20422 at NVD CVE-2019-20810 at SUSE CVE-2019-20810 at NVD CVE-2019-20812 at SUSE CVE-2019-20812 at NVD CVE-2019-3016 at SUSE CVE-2019-3016 at NVD CVE-2019-8912 at SUSE CVE-2019-8912 at NVD CVE-2020-0110 at SUSE CVE-2020-0110 at NVD CVE-2020-0305 at SUSE CVE-2020-0305 at NVD CVE-2020-0404 at SUSE CVE-2020-0404 at NVD CVE-2020-0427 at SUSE CVE-2020-0427 at NVD CVE-2020-0431 at SUSE CVE-2020-0431 at NVD CVE-2020-0432 at SUSE CVE-2020-0432 at NVD CVE-2020-0444 at SUSE CVE-2020-0444 at NVD CVE-2020-0465 at SUSE CVE-2020-0465 at NVD CVE-2020-0466 at SUSE CVE-2020-0466 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-10135 at SUSE CVE-2020-10135 at NVD CVE-2020-10690 at SUSE CVE-2020-10690 at NVD CVE-2020-10711 at SUSE CVE-2020-10711 at NVD CVE-2020-10732 at SUSE CVE-2020-10732 at NVD CVE-2020-10751 at SUSE CVE-2020-10751 at NVD CVE-2020-10757 at SUSE CVE-2020-10757 at NVD CVE-2020-10766 at SUSE CVE-2020-10766 at NVD CVE-2020-10767 at SUSE CVE-2020-10767 at NVD CVE-2020-10768 at SUSE CVE-2020-10768 at NVD CVE-2020-10773 at SUSE CVE-2020-10773 at NVD CVE-2020-10781 at SUSE CVE-2020-10781 at NVD CVE-2020-10942 at SUSE CVE-2020-10942 at NVD CVE-2020-11494 at SUSE CVE-2020-11494 at NVD CVE-2020-11608 at SUSE CVE-2020-11608 at NVD CVE-2020-11668 at SUSE CVE-2020-11668 at NVD CVE-2020-11884 at SUSE CVE-2020-11884 at NVD CVE-2020-12351 at SUSE CVE-2020-12351 at NVD CVE-2020-12352 at SUSE CVE-2020-12352 at NVD CVE-2020-12464 at SUSE CVE-2020-12464 at NVD CVE-2020-12465 at SUSE CVE-2020-12465 at NVD CVE-2020-12652 at SUSE CVE-2020-12652 at NVD CVE-2020-12653 at SUSE CVE-2020-12653 at NVD CVE-2020-12654 at SUSE CVE-2020-12654 at NVD CVE-2020-12655 at SUSE CVE-2020-12655 at NVD CVE-2020-12656 at SUSE CVE-2020-12656 at NVD CVE-2020-12657 at SUSE CVE-2020-12657 at NVD CVE-2020-12659 at SUSE CVE-2020-12659 at NVD CVE-2020-12769 at SUSE CVE-2020-12769 at NVD CVE-2020-12771 at SUSE CVE-2020-12771 at NVD CVE-2020-12888 at SUSE CVE-2020-12888 at NVD CVE-2020-13143 at SUSE CVE-2020-13143 at NVD CVE-2020-13974 at SUSE CVE-2020-13974 at NVD CVE-2020-14314 at SUSE CVE-2020-14314 at NVD CVE-2020-14331 at SUSE CVE-2020-14331 at NVD CVE-2020-14351 at SUSE CVE-2020-14351 at NVD CVE-2020-14356 at SUSE CVE-2020-14356 at NVD CVE-2020-14385 at SUSE CVE-2020-14385 at NVD CVE-2020-14386 at SUSE CVE-2020-14386 at NVD CVE-2020-14390 at SUSE CVE-2020-14390 at NVD CVE-2020-14416 at SUSE CVE-2020-14416 at NVD CVE-2020-15393 at SUSE CVE-2020-15393 at NVD CVE-2020-15436 at SUSE CVE-2020-15436 at NVD CVE-2020-15437 at SUSE CVE-2020-15437 at NVD CVE-2020-15780 at SUSE CVE-2020-15780 at NVD CVE-2020-16120 at SUSE CVE-2020-16120 at NVD CVE-2020-16166 at SUSE CVE-2020-16166 at NVD CVE-2020-1749 at SUSE CVE-2020-1749 at NVD CVE-2020-24490 at SUSE CVE-2020-24490 at NVD CVE-2020-2521 at SUSE CVE-2020-2521 at NVD CVE-2020-25212 at SUSE CVE-2020-25212 at NVD CVE-2020-25284 at SUSE CVE-2020-25284 at NVD CVE-2020-25285 at SUSE CVE-2020-25285 at NVD CVE-2020-25641 at SUSE CVE-2020-25641 at NVD CVE-2020-25643 at SUSE CVE-2020-25643 at NVD CVE-2020-25645 at SUSE CVE-2020-25645 at NVD CVE-2020-25656 at SUSE CVE-2020-25656 at NVD CVE-2020-25668 at SUSE CVE-2020-25668 at NVD CVE-2020-25669 at SUSE CVE-2020-25669 at NVD CVE-2020-25704 at SUSE CVE-2020-25704 at NVD CVE-2020-25705 at SUSE CVE-2020-25705 at NVD CVE-2020-26088 at SUSE CVE-2020-26088 at NVD CVE-2020-27068 at SUSE CVE-2020-27068 at NVD CVE-2020-2732 at SUSE CVE-2020-2732 at NVD CVE-2020-27777 at SUSE CVE-2020-27777 at NVD CVE-2020-27786 at SUSE CVE-2020-27786 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2020-27830 at SUSE CVE-2020-27830 at NVD CVE-2020-28915 at SUSE CVE-2020-28915 at NVD CVE-2020-28941 at SUSE CVE-2020-28941 at NVD CVE-2020-28974 at SUSE CVE-2020-28974 at NVD CVE-2020-29369 at SUSE CVE-2020-29369 at NVD CVE-2020-29370 at SUSE CVE-2020-29370 at NVD CVE-2020-29371 at SUSE CVE-2020-29371 at NVD CVE-2020-29373 at SUSE CVE-2020-29373 at NVD CVE-2020-29660 at SUSE CVE-2020-29660 at NVD CVE-2020-29661 at SUSE CVE-2020-29661 at NVD CVE-2020-36158 at SUSE CVE-2020-36158 at NVD CVE-2020-4788 at SUSE CVE-2020-4788 at NVD CVE-2020-8428 at SUSE CVE-2020-8428 at NVD CVE-2020-8647 at SUSE CVE-2020-8647 at NVD CVE-2020-8648 at SUSE CVE-2020-8648 at NVD CVE-2020-8649 at SUSE CVE-2020-8649 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8835 at SUSE CVE-2020-8835 at NVD CVE-2020-8992 at SUSE CVE-2020-8992 at NVD CVE-2020-9383 at SUSE CVE-2020-9383 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the krb5-1.16.3-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-5351 at SUSE CVE-2014-5351 at NVD CVE-2014-5352 at SUSE CVE-2014-5352 at NVD CVE-2014-5353 at SUSE CVE-2014-5353 at NVD CVE-2014-5354 at SUSE CVE-2014-5354 at NVD CVE-2014-5355 at SUSE CVE-2014-5355 at NVD CVE-2014-9421 at SUSE CVE-2014-9421 at NVD CVE-2014-9422 at SUSE CVE-2014-9422 at NVD CVE-2014-9423 at SUSE CVE-2014-9423 at NVD CVE-2015-2694 at SUSE CVE-2015-2694 at NVD CVE-2015-2695 at SUSE CVE-2015-2695 at NVD CVE-2015-2696 at SUSE CVE-2015-2696 at NVD CVE-2015-2697 at SUSE CVE-2015-2697 at NVD CVE-2015-2698 at SUSE CVE-2015-2698 at NVD CVE-2015-8629 at SUSE CVE-2015-8629 at NVD CVE-2015-8630 at SUSE CVE-2015-8630 at NVD CVE-2015-8631 at SUSE CVE-2015-8631 at NVD CVE-2016-3119 at SUSE CVE-2016-3119 at NVD CVE-2016-3120 at SUSE CVE-2016-3120 at NVD CVE-2017-11368 at SUSE CVE-2017-11368 at NVD CVE-2017-11462 at SUSE CVE-2017-11462 at NVD CVE-2018-20217 at SUSE CVE-2018-20217 at NVD CVE-2018-5729 at SUSE CVE-2018-5729 at NVD CVE-2018-5730 at SUSE CVE-2018-5730 at NVD CVE-2020-28196 at SUSE CVE-2020-28196 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the less-530-1.6 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9488 at SUSE CVE-2014-9488 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libX11-6-1.6.5-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-14598 at SUSE CVE-2018-14598 at NVD CVE-2018-14599 at SUSE CVE-2018-14599 at NVD CVE-2018-14600 at SUSE CVE-2018-14600 at NVD CVE-2020-14344 at SUSE CVE-2020-14344 at NVD CVE-2020-14363 at SUSE CVE-2020-14363 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-1982 at SUSE CVE-2013-1982 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-1987 at SUSE CVE-2013-1987 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-1989 at SUSE CVE-2013-1989 at NVD CVE-2013-2066 at SUSE CVE-2013-2066 at NVD CVE-2016-5407 at SUSE CVE-2016-5407 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libaudit1-2.8.1-12.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-5186 at SUSE CVE-2015-5186 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libblkid1-2.33.1-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9114 at SUSE CVE-2014-9114 at NVD CVE-2015-5218 at SUSE CVE-2015-5218 at NVD CVE-2016-2779 at SUSE CVE-2016-2779 at NVD CVE-2016-5011 at SUSE CVE-2016-5011 at NVD CVE-2017-2616 at SUSE CVE-2017-2616 at NVD CVE-2018-7738 at SUSE CVE-2018-7738 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libbluetooth3-5.48-13.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9797 at SUSE CVE-2016-9797 at NVD CVE-2016-9798 at SUSE CVE-2016-9798 at NVD CVE-2016-9800 at SUSE CVE-2016-9800 at NVD CVE-2016-9801 at SUSE CVE-2016-9801 at NVD CVE-2016-9802 at SUSE CVE-2016-9802 at NVD CVE-2016-9804 at SUSE CVE-2016-9804 at NVD CVE-2016-9917 at SUSE CVE-2016-9917 at NVD CVE-2016-9918 at SUSE CVE-2016-9918 at NVD CVE-2020-0556 at SUSE CVE-2020-0556 at NVD CVE-2020-27153 at SUSE CVE-2020-27153 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-20367 at SUSE CVE-2019-20367 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libbz2-1-1.0.6-5.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-3189 at SUSE CVE-2016-3189 at NVD CVE-2019-12900 at SUSE CVE-2019-12900 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libcairo2-1.16.0-1.55 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9082 at SUSE CVE-2016-9082 at NVD CVE-2017-7475 at SUSE CVE-2017-7475 at NVD CVE-2017-9814 at SUSE CVE-2017-9814 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libcontainers-common-20200727-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libcroco-0_6-3-0.6.13-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-7960 at SUSE CVE-2017-7960 at NVD CVE-2017-7961 at SUSE CVE-2017-7961 at NVD CVE-2017-8834 at SUSE CVE-2017-8834 at NVD CVE-2017-8871 at SUSE CVE-2017-8871 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-6272 at SUSE CVE-2014-6272 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libexpat1-2.2.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2012-0876 at SUSE CVE-2012-0876 at NVD CVE-2012-6702 at SUSE CVE-2012-6702 at NVD CVE-2015-1283 at SUSE CVE-2015-1283 at NVD CVE-2016-0718 at SUSE CVE-2016-0718 at NVD CVE-2016-4472 at SUSE CVE-2016-4472 at NVD CVE-2016-5300 at SUSE CVE-2016-5300 at NVD CVE-2016-9063 at SUSE CVE-2016-9063 at NVD CVE-2017-9233 at SUSE CVE-2017-9233 at NVD CVE-2018-20843 at SUSE CVE-2018-20843 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libfreebl3-3.53.1-3.51.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-1569 at SUSE CVE-2014-1569 at NVD CVE-2015-2721 at SUSE CVE-2015-2721 at NVD CVE-2015-4000 at SUSE CVE-2015-4000 at NVD CVE-2015-7181 at SUSE CVE-2015-7181 at NVD CVE-2015-7182 at SUSE CVE-2015-7182 at NVD CVE-2015-7575 at SUSE CVE-2015-7575 at NVD CVE-2016-1950 at SUSE CVE-2016-1950 at NVD CVE-2016-1979 at SUSE CVE-2016-1979 at NVD CVE-2016-2834 at SUSE CVE-2016-2834 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2018-12384 at SUSE CVE-2018-12384 at NVD CVE-2018-12404 at SUSE CVE-2018-12404 at NVD CVE-2018-18508 at SUSE CVE-2018-18508 at NVD CVE-2019-11745 at SUSE CVE-2019-11745 at NVD CVE-2019-17006 at SUSE CVE-2019-17006 at NVD CVE-2020-12399 at SUSE CVE-2020-12399 at NVD CVE-2020-12402 at SUSE CVE-2020-12402 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-2240 at SUSE CVE-2014-2240 at NVD CVE-2014-9656 at SUSE CVE-2014-9656 at NVD CVE-2014-9657 at SUSE CVE-2014-9657 at NVD CVE-2014-9658 at SUSE CVE-2014-9658 at NVD CVE-2014-9659 at SUSE CVE-2014-9659 at NVD CVE-2014-9660 at SUSE CVE-2014-9660 at NVD CVE-2014-9661 at SUSE CVE-2014-9661 at NVD CVE-2014-9662 at SUSE CVE-2014-9662 at NVD CVE-2014-9663 at SUSE CVE-2014-9663 at NVD CVE-2014-9664 at SUSE CVE-2014-9664 at NVD CVE-2014-9665 at SUSE CVE-2014-9665 at NVD CVE-2014-9666 at SUSE CVE-2014-9666 at NVD CVE-2014-9667 at SUSE CVE-2014-9667 at NVD CVE-2014-9668 at SUSE CVE-2014-9668 at NVD CVE-2014-9669 at SUSE CVE-2014-9669 at NVD CVE-2014-9670 at SUSE CVE-2014-9670 at NVD CVE-2014-9671 at SUSE CVE-2014-9671 at NVD CVE-2014-9672 at SUSE CVE-2014-9672 at NVD CVE-2014-9673 at SUSE CVE-2014-9673 at NVD CVE-2014-9674 at SUSE CVE-2014-9674 at NVD CVE-2014-9675 at SUSE CVE-2014-9675 at NVD CVE-2017-8105 at SUSE CVE-2017-8105 at NVD CVE-2017-8287 at SUSE CVE-2017-8287 at NVD CVE-2018-6942 at SUSE CVE-2018-6942 at NVD CVE-2020-15999 at SUSE CVE-2020-15999 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libgbm1-19.3.4-45.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-5068 at SUSE CVE-2019-5068 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libgcc_s1-10.2.1+git583-1.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2020-13844 at SUSE CVE-2020-13844 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libgcrypt20-1.8.2-8.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3591 at SUSE CVE-2014-3591 at NVD CVE-2015-0837 at SUSE CVE-2015-0837 at NVD CVE-2015-5738 at SUSE CVE-2015-5738 at NVD CVE-2015-7511 at SUSE CVE-2015-7511 at NVD CVE-2016-6313 at SUSE CVE-2016-6313 at NVD CVE-2017-0379 at SUSE CVE-2017-0379 at NVD CVE-2017-7526 at SUSE CVE-2017-7526 at NVD CVE-2018-0495 at SUSE CVE-2018-0495 at NVD CVE-2019-12904 at SUSE CVE-2019-12904 at NVD CVE-2019-13627 at SUSE CVE-2019-13627 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libgnutls30-3.6.7-14.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8564 at SUSE CVE-2014-8564 at NVD CVE-2015-6251 at SUSE CVE-2015-6251 at NVD CVE-2016-8610 at SUSE CVE-2016-8610 at NVD CVE-2017-7869 at SUSE CVE-2017-7869 at NVD CVE-2018-10844 at SUSE CVE-2018-10844 at NVD CVE-2018-10845 at SUSE CVE-2018-10845 at NVD CVE-2018-10846 at SUSE CVE-2018-10846 at NVD CVE-2018-16868 at SUSE CVE-2018-16868 at NVD CVE-2019-3829 at SUSE CVE-2019-3829 at NVD CVE-2019-3836 at SUSE CVE-2019-3836 at NVD CVE-2020-11501 at SUSE CVE-2020-11501 at NVD CVE-2020-13777 at SUSE CVE-2020-13777 at NVD CVE-2020-24659 at SUSE CVE-2020-24659 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-1521 at SUSE CVE-2016-1521 at NVD CVE-2017-5436 at SUSE CVE-2017-5436 at NVD CVE-2018-7999 at SUSE CVE-2018-7999 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libhogweed4-3.4.1-4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-8803 at SUSE CVE-2015-8803 at NVD CVE-2015-8804 at SUSE CVE-2015-8804 at NVD CVE-2015-8805 at SUSE CVE-2015-8805 at NVD CVE-2016-6489 at SUSE CVE-2016-6489 at NVD CVE-2018-16869 at SUSE CVE-2018-16869 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2017-14062 at SUSE CVE-2017-14062 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-2059 at SUSE CVE-2015-2059 at NVD CVE-2015-8948 at SUSE CVE-2015-8948 at NVD CVE-2016-6261 at SUSE CVE-2016-6261 at NVD CVE-2016-6262 at SUSE CVE-2016-6262 at NVD CVE-2016-6263 at SUSE CVE-2016-6263 at NVD CVE-2019-12290 at SUSE CVE-2019-12290 at NVD CVE-2019-18224 at SUSE CVE-2019-18224 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libjpeg8-8.1.2-5.15.7 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9092 at SUSE CVE-2014-9092 at NVD CVE-2017-15232 at SUSE CVE-2017-15232 at NVD CVE-2018-1152 at SUSE CVE-2018-1152 at NVD CVE-2018-11813 at SUSE CVE-2018-11813 at NVD CVE-2018-14498 at SUSE CVE-2018-14498 at NVD CVE-2019-2201 at SUSE CVE-2019-2201 at NVD CVE-2020-13790 at SUSE CVE-2020-13790 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libjson-c3-0.13-1.19 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-6370 at SUSE CVE-2013-6370 at NVD CVE-2013-6371 at SUSE CVE-2013-6371 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9087 at SUSE CVE-2014-9087 at NVD CVE-2016-4574 at SUSE CVE-2016-4574 at NVD CVE-2016-4579 at SUSE CVE-2016-4579 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libldap-2_4-2-2.4.46-9.45.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-1545 at SUSE CVE-2015-1545 at NVD CVE-2015-1546 at SUSE CVE-2015-1546 at NVD CVE-2015-6908 at SUSE CVE-2015-6908 at NVD CVE-2017-17740 at SUSE CVE-2017-17740 at NVD CVE-2019-13057 at SUSE CVE-2019-13057 at NVD CVE-2019-13565 at SUSE CVE-2019-13565 at NVD CVE-2020-12243 at SUSE CVE-2020-12243 at NVD CVE-2020-15719 at SUSE CVE-2020-15719 at NVD CVE-2020-25692 at SUSE CVE-2020-25692 at NVD CVE-2020-25709 at SUSE CVE-2020-25709 at NVD CVE-2020-25710 at SUSE CVE-2020-25710 at NVD CVE-2020-8023 at SUSE CVE-2020-8023 at NVD CVE-2020-8027 at SUSE CVE-2020-8027 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the liblua5_3-5-5.3.4-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-6706 at SUSE CVE-2019-6706 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the liblz4-1-1.8.0-3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-17543 at SUSE CVE-2019-17543 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-4607 at SUSE CVE-2014-4607 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libmspack0-0.6-3.8.19 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9556 at SUSE CVE-2014-9556 at NVD CVE-2017-11423 at SUSE CVE-2017-11423 at NVD CVE-2017-6419 at SUSE CVE-2017-6419 at NVD CVE-2018-18584 at SUSE CVE-2018-18584 at NVD CVE-2018-18585 at SUSE CVE-2018-18585 at NVD CVE-2019-1010305 at SUSE CVE-2019-1010305 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libncurses6-6.1-5.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-19211 at SUSE CVE-2018-19211 at NVD CVE-2019-17594 at SUSE CVE-2019-17594 at NVD CVE-2019-17595 at SUSE CVE-2019-17595 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libnghttp2-14-1.40.0-1.15 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-1544 at SUSE CVE-2016-1544 at NVD CVE-2018-1000168 at SUSE CVE-2018-1000168 at NVD CVE-2019-18802 at SUSE CVE-2019-18802 at NVD CVE-2019-9511 at SUSE CVE-2019-9511 at NVD CVE-2019-9513 at SUSE CVE-2019-9513 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libnm0-1.22.10-3.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2006-7246 at SUSE CVE-2006-7246 at NVD CVE-2015-2924 at SUSE CVE-2015-2924 at NVD CVE-2016-0764 at SUSE CVE-2016-0764 at NVD CVE-2018-1000135 at SUSE CVE-2018-1000135 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libopenssl1_1-1.1.1d-11.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD CVE-2017-3735 at SUSE CVE-2017-3735 at NVD CVE-2017-3736 at SUSE CVE-2017-3736 at NVD CVE-2017-3738 at SUSE CVE-2017-3738 at NVD CVE-2018-0732 at SUSE CVE-2018-0732 at NVD CVE-2018-0734 at SUSE CVE-2018-0734 at NVD CVE-2018-0735 at SUSE CVE-2018-0735 at NVD CVE-2018-0737 at SUSE CVE-2018-0737 at NVD CVE-2018-0739 at SUSE CVE-2018-0739 at NVD CVE-2019-1543 at SUSE CVE-2019-1543 at NVD CVE-2019-1547 at SUSE CVE-2019-1547 at NVD CVE-2019-1549 at SUSE CVE-2019-1549 at NVD CVE-2019-1551 at SUSE CVE-2019-1551 at NVD CVE-2019-1563 at SUSE CVE-2019-1563 at NVD CVE-2020-1967 at SUSE CVE-2020-1967 at NVD CVE-2020-1971 at SUSE CVE-2020-1971 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-0381 at SUSE CVE-2017-0381 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpango-1_0-0-1.44.7+11-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-15120 at SUSE CVE-2018-15120 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpcre1-8.41-4.20 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2015-3217 at SUSE CVE-2015-3217 at NVD CVE-2016-1283 at SUSE CVE-2016-1283 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-6004 at SUSE CVE-2017-6004 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-7244 at SUSE CVE-2017-7244 at NVD CVE-2017-7245 at SUSE CVE-2017-7245 at NVD CVE-2017-7246 at SUSE CVE-2017-7246 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpcre2-8-0-10.31-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8964 at SUSE CVE-2014-8964 at NVD CVE-2015-2325 at SUSE CVE-2015-2325 at NVD CVE-2015-2326 at SUSE CVE-2015-2326 at NVD CVE-2016-3191 at SUSE CVE-2016-3191 at NVD CVE-2017-7186 at SUSE CVE-2017-7186 at NVD CVE-2017-8786 at SUSE CVE-2017-8786 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-8126 at SUSE CVE-2015-8126 at NVD CVE-2016-10087 at SUSE CVE-2016-10087 at NVD CVE-2016-5735 at SUSE CVE-2016-5735 at NVD CVE-2017-12652 at SUSE CVE-2017-12652 at NVD CVE-2018-13785 at SUSE CVE-2018-13785 at NVD CVE-2019-7317 at SUSE CVE-2019-7317 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpolkit0-0.116-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-3218 at SUSE CVE-2015-3218 at NVD CVE-2015-3255 at SUSE CVE-2015-3255 at NVD CVE-2015-3256 at SUSE CVE-2015-3256 at NVD CVE-2015-4625 at SUSE CVE-2015-4625 at NVD CVE-2018-1116 at SUSE CVE-2018-1116 at NVD CVE-2018-19788 at SUSE CVE-2018-19788 at NVD CVE-2019-6133 at SUSE CVE-2019-6133 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libprocps7-3.3.15-7.13.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-1122 at SUSE CVE-2018-1122 at NVD CVE-2018-1123 at SUSE CVE-2018-1123 at NVD CVE-2018-1124 at SUSE CVE-2018-1124 at NVD CVE-2018-1125 at SUSE CVE-2018-1125 at NVD CVE-2018-1126 at SUSE CVE-2018-1126 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libproxy1-0.4.15-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2020-25219 at SUSE CVE-2020-25219 at NVD CVE-2020-26154 at SUSE CVE-2020-26154 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libpython3_6m1_0-3.6.12-3.75.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-4650 at SUSE CVE-2014-4650 at NVD CVE-2016-0772 at SUSE CVE-2016-0772 at NVD CVE-2016-1000110 at SUSE CVE-2016-1000110 at NVD CVE-2016-5636 at SUSE CVE-2016-5636 at NVD CVE-2016-5699 at SUSE CVE-2016-5699 at NVD CVE-2017-18207 at SUSE CVE-2017-18207 at NVD CVE-2018-1000802 at SUSE CVE-2018-1000802 at NVD CVE-2018-1060 at SUSE CVE-2018-1060 at NVD CVE-2018-1061 at SUSE CVE-2018-1061 at NVD CVE-2018-14647 at SUSE CVE-2018-14647 at NVD CVE-2018-20406 at SUSE CVE-2018-20406 at NVD CVE-2018-20852 at SUSE CVE-2018-20852 at NVD CVE-2019-10160 at SUSE CVE-2019-10160 at NVD CVE-2019-15903 at SUSE CVE-2019-15903 at NVD CVE-2019-16056 at SUSE CVE-2019-16056 at NVD CVE-2019-16935 at SUSE CVE-2019-16935 at NVD CVE-2019-18348 at SUSE CVE-2019-18348 at NVD CVE-2019-20907 at SUSE CVE-2019-20907 at NVD CVE-2019-20916 at SUSE CVE-2019-20916 at NVD CVE-2019-5010 at SUSE CVE-2019-5010 at NVD CVE-2019-9636 at SUSE CVE-2019-9636 at NVD CVE-2019-9674 at SUSE CVE-2019-9674 at NVD CVE-2019-9947 at SUSE CVE-2019-9947 at NVD CVE-2020-14422 at SUSE CVE-2020-14422 at NVD CVE-2020-26116 at SUSE CVE-2020-26116 at NVD CVE-2020-27619 at SUSE CVE-2020-27619 at NVD CVE-2020-8492 at SUSE CVE-2020-8492 at NVD CVE-2021-3177 at SUSE CVE-2021-3177 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libruby2_5-2_5-2.5.8-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2012-6708 at SUSE CVE-2012-6708 at NVD CVE-2015-9251 at SUSE CVE-2015-9251 at NVD CVE-2017-17742 at SUSE CVE-2017-17742 at NVD CVE-2018-1000073 at SUSE CVE-2018-1000073 at NVD CVE-2018-1000074 at SUSE CVE-2018-1000074 at NVD CVE-2018-1000075 at SUSE CVE-2018-1000075 at NVD CVE-2018-1000076 at SUSE CVE-2018-1000076 at NVD CVE-2018-1000077 at SUSE CVE-2018-1000077 at NVD CVE-2018-1000078 at SUSE CVE-2018-1000078 at NVD CVE-2018-1000079 at SUSE CVE-2018-1000079 at NVD CVE-2018-16395 at SUSE CVE-2018-16395 at NVD CVE-2018-16396 at SUSE CVE-2018-16396 at NVD CVE-2018-6914 at SUSE CVE-2018-6914 at NVD CVE-2018-8777 at SUSE CVE-2018-8777 at NVD CVE-2018-8778 at SUSE CVE-2018-8778 at NVD CVE-2018-8779 at SUSE CVE-2018-8779 at NVD CVE-2018-8780 at SUSE CVE-2018-8780 at NVD CVE-2019-15845 at SUSE CVE-2019-15845 at NVD CVE-2019-16201 at SUSE CVE-2019-16201 at NVD CVE-2019-16254 at SUSE CVE-2019-16254 at NVD CVE-2019-16255 at SUSE CVE-2019-16255 at NVD CVE-2019-8320 at SUSE CVE-2019-8320 at NVD CVE-2019-8321 at SUSE CVE-2019-8321 at NVD CVE-2019-8322 at SUSE CVE-2019-8322 at NVD CVE-2019-8323 at SUSE CVE-2019-8323 at NVD CVE-2019-8324 at SUSE CVE-2019-8324 at NVD CVE-2019-8325 at SUSE CVE-2019-8325 at NVD CVE-2020-10663 at SUSE CVE-2020-10663 at NVD CVE-2020-10933 at SUSE CVE-2020-10933 at NVD CVE-2020-8130 at SUSE CVE-2020-8130 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libseccomp2-2.4.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-9893 at SUSE CVE-2019-9893 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libsolv-tools-0.7.16-3.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-20532 at SUSE CVE-2018-20532 at NVD CVE-2018-20533 at SUSE CVE-2018-20533 at NVD CVE-2018-20534 at SUSE CVE-2018-20534 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libspice-server1-0.14.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-4282 at SUSE CVE-2013-4282 at NVD CVE-2015-3247 at SUSE CVE-2015-3247 at NVD CVE-2015-5260 at SUSE CVE-2015-5260 at NVD CVE-2015-5261 at SUSE CVE-2015-5261 at NVD CVE-2016-0749 at SUSE CVE-2016-0749 at NVD CVE-2016-2150 at SUSE CVE-2016-2150 at NVD CVE-2016-9577 at SUSE CVE-2016-9577 at NVD CVE-2016-9578 at SUSE CVE-2016-9578 at NVD CVE-2018-10873 at SUSE CVE-2018-10873 at NVD CVE-2018-10893 at SUSE CVE-2018-10893 at NVD CVE-2019-3813 at SUSE CVE-2019-3813 at NVD CVE-2020-14355 at SUSE CVE-2020-14355 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libsqlite3-0-3.28.0-3.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-20346 at SUSE CVE-2018-20346 at NVD CVE-2018-8740 at SUSE CVE-2018-8740 at NVD CVE-2019-16168 at SUSE CVE-2019-16168 at NVD CVE-2019-9936 at SUSE CVE-2019-9936 at NVD CVE-2019-9937 at SUSE CVE-2019-9937 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-1782 at SUSE CVE-2015-1782 at NVD CVE-2016-0787 at SUSE CVE-2016-0787 at NVD CVE-2019-17498 at SUSE CVE-2019-17498 at NVD CVE-2019-3855 at SUSE CVE-2019-3855 at NVD CVE-2019-3856 at SUSE CVE-2019-3856 at NVD CVE-2019-3857 at SUSE CVE-2019-3857 at NVD CVE-2019-3858 at SUSE CVE-2019-3858 at NVD CVE-2019-3859 at SUSE CVE-2019-3859 at NVD CVE-2019-3860 at SUSE CVE-2019-3860 at NVD CVE-2019-3861 at SUSE CVE-2019-3861 at NVD CVE-2019-3862 at SUSE CVE-2019-3862 at NVD CVE-2019-3863 at SUSE CVE-2019-3863 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8132 at SUSE CVE-2014-8132 at NVD CVE-2015-3146 at SUSE CVE-2015-3146 at NVD CVE-2018-10933 at SUSE CVE-2018-10933 at NVD CVE-2019-14889 at SUSE CVE-2019-14889 at NVD CVE-2020-1730 at SUSE CVE-2020-1730 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libsystemd0-246.10-2.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-7510 at SUSE CVE-2015-7510 at NVD CVE-2016-10156 at SUSE CVE-2016-10156 at NVD CVE-2017-15908 at SUSE CVE-2017-15908 at NVD CVE-2017-18078 at SUSE CVE-2017-18078 at NVD CVE-2017-9445 at SUSE CVE-2017-9445 at NVD CVE-2018-15686 at SUSE CVE-2018-15686 at NVD CVE-2018-15687 at SUSE CVE-2018-15687 at NVD CVE-2018-15688 at SUSE CVE-2018-15688 at NVD CVE-2018-16864 at SUSE CVE-2018-16864 at NVD CVE-2018-16865 at SUSE CVE-2018-16865 at NVD CVE-2018-21029 at SUSE CVE-2018-21029 at NVD CVE-2018-6954 at SUSE CVE-2018-6954 at NVD CVE-2019-20386 at SUSE CVE-2019-20386 at NVD CVE-2019-3842 at SUSE CVE-2019-3842 at NVD CVE-2019-3843 at SUSE CVE-2019-3843 at NVD CVE-2019-3844 at SUSE CVE-2019-3844 at NVD CVE-2019-6454 at SUSE CVE-2019-6454 at NVD CVE-2020-1712 at SUSE CVE-2020-1712 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-2806 at SUSE CVE-2015-2806 at NVD CVE-2015-3622 at SUSE CVE-2015-3622 at NVD CVE-2016-4008 at SUSE CVE-2016-4008 at NVD CVE-2018-1000654 at SUSE CVE-2018-1000654 at NVD CVE-2018-6003 at SUSE CVE-2018-6003 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libthai-data-0.1.27-1.16 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2009-4012 at SUSE CVE-2009-4012 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libunwind-1.2.1-4.2.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-3239 at SUSE CVE-2015-3239 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libvirglrenderer0-0.6.0-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-10214 at SUSE CVE-2016-10214 at NVD CVE-2017-5937 at SUSE CVE-2017-5937 at NVD CVE-2017-5957 at SUSE CVE-2017-5957 at NVD CVE-2017-5993 at SUSE CVE-2017-5993 at NVD CVE-2017-5994 at SUSE CVE-2017-5994 at NVD CVE-2017-6386 at SUSE CVE-2017-6386 at NVD CVE-2019-18388 at SUSE CVE-2019-18388 at NVD CVE-2019-18389 at SUSE CVE-2019-18389 at NVD CVE-2019-18390 at SUSE CVE-2019-18390 at NVD CVE-2019-18391 at SUSE CVE-2019-18391 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libvirt-libs-6.0.0-13.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-7823 at SUSE CVE-2014-7823 at NVD CVE-2014-8131 at SUSE CVE-2014-8131 at NVD CVE-2015-0236 at SUSE CVE-2015-0236 at NVD CVE-2015-5247 at SUSE CVE-2015-5247 at NVD CVE-2015-5313 at SUSE CVE-2015-5313 at NVD CVE-2017-1000256 at SUSE CVE-2017-1000256 at NVD CVE-2017-2635 at SUSE CVE-2017-2635 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-1064 at SUSE CVE-2018-1064 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-5748 at SUSE CVE-2018-5748 at NVD CVE-2019-10132 at SUSE CVE-2019-10132 at NVD CVE-2019-10161 at SUSE CVE-2019-10161 at NVD CVE-2019-10166 at SUSE CVE-2019-10166 at NVD CVE-2019-10167 at SUSE CVE-2019-10167 at NVD CVE-2019-10168 at SUSE CVE-2019-10168 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-3886 at SUSE CVE-2019-3886 at NVD CVE-2020-10701 at SUSE CVE-2020-10701 at NVD CVE-2020-12430 at SUSE CVE-2020-12430 at NVD CVE-2020-14339 at SUSE CVE-2020-14339 at NVD CVE-2020-15708 at SUSE CVE-2020-15708 at NVD CVE-2020-25637 at SUSE CVE-2020-25637 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libvmtools0-11.2.5-4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-5191 at SUSE CVE-2015-5191 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2008-1420 at SUSE CVE-2008-1420 at NVD CVE-2009-3379 at SUSE CVE-2009-3379 at NVD CVE-2012-0444 at SUSE CVE-2012-0444 at NVD CVE-2017-14160 at SUSE CVE-2017-14160 at NVD CVE-2017-14632 at SUSE CVE-2017-14632 at NVD CVE-2017-14633 at SUSE CVE-2017-14633 at NVD CVE-2018-10392 at SUSE CVE-2018-10392 at NVD CVE-2018-10393 at SUSE CVE-2018-10393 at NVD CVE-2018-5146 at SUSE CVE-2018-5146 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-15853 at SUSE CVE-2018-15853 at NVD CVE-2018-15854 at SUSE CVE-2018-15854 at NVD CVE-2018-15855 at SUSE CVE-2018-15855 at NVD CVE-2018-15856 at SUSE CVE-2018-15856 at NVD CVE-2018-15857 at SUSE CVE-2018-15857 at NVD CVE-2018-15858 at SUSE CVE-2018-15858 at NVD CVE-2018-15859 at SUSE CVE-2018-15859 at NVD CVE-2018-15861 at SUSE CVE-2018-15861 at NVD CVE-2018-15862 at SUSE CVE-2018-15862 at NVD CVE-2018-15863 at SUSE CVE-2018-15863 at NVD CVE-2018-15864 at SUSE CVE-2018-15864 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libxml2-2-2.9.7-3.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-0191 at SUSE CVE-2014-0191 at NVD CVE-2014-3660 at SUSE CVE-2014-3660 at NVD CVE-2015-1819 at SUSE CVE-2015-1819 at NVD CVE-2015-5312 at SUSE CVE-2015-5312 at NVD CVE-2015-7497 at SUSE CVE-2015-7497 at NVD CVE-2015-7498 at SUSE CVE-2015-7498 at NVD CVE-2015-7499 at SUSE CVE-2015-7499 at NVD CVE-2015-7500 at SUSE CVE-2015-7500 at NVD CVE-2015-7941 at SUSE CVE-2015-7941 at NVD CVE-2015-7942 at SUSE CVE-2015-7942 at NVD CVE-2015-8035 at SUSE CVE-2015-8035 at NVD CVE-2015-8242 at SUSE CVE-2015-8242 at NVD CVE-2016-1762 at SUSE CVE-2016-1762 at NVD CVE-2016-1833 at SUSE CVE-2016-1833 at NVD CVE-2016-1834 at SUSE CVE-2016-1834 at NVD CVE-2016-1835 at SUSE CVE-2016-1835 at NVD CVE-2016-1836 at SUSE CVE-2016-1836 at NVD CVE-2016-1837 at SUSE CVE-2016-1837 at NVD CVE-2016-1838 at SUSE CVE-2016-1838 at NVD CVE-2016-1839 at SUSE CVE-2016-1839 at NVD CVE-2016-1840 at SUSE CVE-2016-1840 at NVD CVE-2016-3627 at SUSE CVE-2016-3627 at NVD CVE-2016-3705 at SUSE CVE-2016-3705 at NVD CVE-2016-4483 at SUSE CVE-2016-4483 at NVD CVE-2016-4658 at SUSE CVE-2016-4658 at NVD CVE-2017-0663 at SUSE CVE-2017-0663 at NVD CVE-2017-18258 at SUSE CVE-2017-18258 at NVD CVE-2017-5969 at SUSE CVE-2017-5969 at NVD CVE-2017-9047 at SUSE CVE-2017-9047 at NVD CVE-2017-9048 at SUSE CVE-2017-9048 at NVD CVE-2017-9049 at SUSE CVE-2017-9049 at NVD CVE-2018-14404 at SUSE CVE-2018-14404 at NVD CVE-2018-14567 at SUSE CVE-2018-14567 at NVD CVE-2018-9251 at SUSE CVE-2018-9251 at NVD CVE-2019-19956 at SUSE CVE-2019-19956 at NVD CVE-2019-20388 at SUSE CVE-2019-20388 at NVD CVE-2020-24977 at SUSE CVE-2020-24977 at NVD CVE-2020-7595 at SUSE CVE-2020-7595 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-7995 at SUSE CVE-2015-7995 at NVD CVE-2015-9019 at SUSE CVE-2015-9019 at NVD CVE-2016-4738 at SUSE CVE-2016-4738 at NVD CVE-2017-5029 at SUSE CVE-2017-5029 at NVD CVE-2019-11068 at SUSE CVE-2019-11068 at NVD CVE-2019-13117 at SUSE CVE-2019-13117 at NVD CVE-2019-13118 at SUSE CVE-2019-13118 at NVD CVE-2019-18197 at SUSE CVE-2019-18197 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libyaml-0-2-0.1.7-1.17 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-6393 at SUSE CVE-2013-6393 at NVD CVE-2014-2525 at SUSE CVE-2014-2525 at NVD CVE-2014-9130 at SUSE CVE-2014-9130 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-5950 at SUSE CVE-2017-5950 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libz1-1.2.11-3.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9843 at SUSE CVE-2016-9843 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-7202 at SUSE CVE-2014-7202 at NVD CVE-2014-7203 at SUSE CVE-2014-7203 at NVD CVE-2014-9721 at SUSE CVE-2014-9721 at NVD CVE-2019-13132 at SUSE CVE-2019-13132 at NVD CVE-2019-6250 at SUSE CVE-2019-6250 at NVD CVE-2020-15166 at SUSE CVE-2020-15166 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libzstd1-1.4.4-1.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-11922 at SUSE CVE-2019-11922 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the libzypp-17.25.6-3.28.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-7435 at SUSE CVE-2017-7435 at NVD CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD CVE-2017-9271 at SUSE CVE-2017-9271 at NVD CVE-2018-7685 at SUSE CVE-2018-7685 at NVD CVE-2019-18900 at SUSE CVE-2019-18900 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2011-1098 at SUSE CVE-2011-1098 at NVD CVE-2011-1154 at SUSE CVE-2011-1154 at NVD CVE-2011-1155 at SUSE CVE-2011-1155 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the mozilla-nspr-4.25.1-3.15.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-7183 at SUSE CVE-2015-7183 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the nfs-client-2.1.1-10.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-3689 at SUSE CVE-2019-3689 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the openslp-2.0.0-6.12.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-4912 at SUSE CVE-2016-4912 at NVD CVE-2016-7567 at SUSE CVE-2016-7567 at NVD CVE-2017-17833 at SUSE CVE-2017-17833 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the openssh-8.1p1-5.12.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-8325 at SUSE CVE-2015-8325 at NVD CVE-2016-0777 at SUSE CVE-2016-0777 at NVD CVE-2016-0778 at SUSE CVE-2016-0778 at NVD CVE-2016-10009 at SUSE CVE-2016-10009 at NVD CVE-2016-10010 at SUSE CVE-2016-10010 at NVD CVE-2016-10011 at SUSE CVE-2016-10011 at NVD CVE-2016-10012 at SUSE CVE-2016-10012 at NVD CVE-2016-6210 at SUSE CVE-2016-6210 at NVD CVE-2016-6515 at SUSE CVE-2016-6515 at NVD CVE-2016-8858 at SUSE CVE-2016-8858 at NVD CVE-2018-20685 at SUSE CVE-2018-20685 at NVD CVE-2019-6109 at SUSE CVE-2019-6109 at NVD CVE-2019-6110 at SUSE CVE-2019-6110 at NVD CVE-2019-6111 at SUSE CVE-2019-6111 at NVD CVE-2020-14145 at SUSE CVE-2020-14145 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3513 at SUSE CVE-2014-3513 at NVD CVE-2014-3567 at SUSE CVE-2014-3567 at NVD CVE-2014-3568 at SUSE CVE-2014-3568 at NVD CVE-2014-3569 at SUSE CVE-2014-3569 at NVD CVE-2014-3570 at SUSE CVE-2014-3570 at NVD CVE-2014-3571 at SUSE CVE-2014-3571 at NVD CVE-2014-3572 at SUSE CVE-2014-3572 at NVD CVE-2014-8275 at SUSE CVE-2014-8275 at NVD CVE-2015-0204 at SUSE CVE-2015-0204 at NVD CVE-2015-0205 at SUSE CVE-2015-0205 at NVD CVE-2015-0206 at SUSE CVE-2015-0206 at NVD CVE-2015-0209 at SUSE CVE-2015-0209 at NVD CVE-2015-0286 at SUSE CVE-2015-0286 at NVD CVE-2015-0287 at SUSE CVE-2015-0287 at NVD CVE-2015-0288 at SUSE CVE-2015-0288 at NVD CVE-2015-0289 at SUSE CVE-2015-0289 at NVD CVE-2015-0293 at SUSE CVE-2015-0293 at NVD CVE-2015-1788 at SUSE CVE-2015-1788 at NVD CVE-2015-1789 at SUSE CVE-2015-1789 at NVD CVE-2015-1790 at SUSE CVE-2015-1790 at NVD CVE-2015-1791 at SUSE CVE-2015-1791 at NVD CVE-2015-1792 at SUSE CVE-2015-1792 at NVD CVE-2015-1793 at SUSE CVE-2015-1793 at NVD CVE-2015-1794 at SUSE CVE-2015-1794 at NVD CVE-2015-3193 at SUSE CVE-2015-3193 at NVD CVE-2015-3194 at SUSE CVE-2015-3194 at NVD CVE-2015-3195 at SUSE CVE-2015-3195 at NVD CVE-2015-3196 at SUSE CVE-2015-3196 at NVD CVE-2015-3197 at SUSE CVE-2015-3197 at NVD CVE-2016-0701 at SUSE CVE-2016-0701 at NVD CVE-2016-0702 at SUSE CVE-2016-0702 at NVD CVE-2016-0705 at SUSE CVE-2016-0705 at NVD CVE-2016-0797 at SUSE CVE-2016-0797 at NVD CVE-2016-0798 at SUSE CVE-2016-0798 at NVD CVE-2016-0800 at SUSE CVE-2016-0800 at NVD CVE-2016-2105 at SUSE CVE-2016-2105 at NVD CVE-2016-2106 at SUSE CVE-2016-2106 at NVD CVE-2016-2107 at SUSE CVE-2016-2107 at NVD CVE-2016-2109 at SUSE CVE-2016-2109 at NVD CVE-2016-2176 at SUSE CVE-2016-2176 at NVD CVE-2016-2177 at SUSE CVE-2016-2177 at NVD CVE-2016-2178 at SUSE CVE-2016-2178 at NVD CVE-2016-2179 at SUSE CVE-2016-2179 at NVD CVE-2016-2180 at SUSE CVE-2016-2180 at NVD CVE-2016-2181 at SUSE CVE-2016-2181 at NVD CVE-2016-2182 at SUSE CVE-2016-2182 at NVD CVE-2016-2183 at SUSE CVE-2016-2183 at NVD CVE-2016-6302 at SUSE CVE-2016-6302 at NVD CVE-2016-6303 at SUSE CVE-2016-6303 at NVD CVE-2016-6304 at SUSE CVE-2016-6304 at NVD CVE-2016-6306 at SUSE CVE-2016-6306 at NVD CVE-2016-7052 at SUSE CVE-2016-7052 at NVD CVE-2016-7055 at SUSE CVE-2016-7055 at NVD CVE-2016-7056 at SUSE CVE-2016-7056 at NVD CVE-2017-3731 at SUSE CVE-2017-3731 at NVD CVE-2017-3732 at SUSE CVE-2017-3732 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the pam-1.3.0-6.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-3238 at SUSE CVE-2015-3238 at NVD CVE-2018-17953 at SUSE CVE-2018-17953 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the perl-5.26.1-7.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-12837 at SUSE CVE-2017-12837 at NVD CVE-2017-12883 at SUSE CVE-2017-12883 at NVD CVE-2018-12015 at SUSE CVE-2018-12015 at NVD CVE-2018-18311 at SUSE CVE-2018-18311 at NVD CVE-2018-18312 at SUSE CVE-2018-18312 at NVD CVE-2018-18313 at SUSE CVE-2018-18313 at NVD CVE-2018-18314 at SUSE CVE-2018-18314 at NVD CVE-2020-10543 at SUSE CVE-2020-10543 at NVD CVE-2020-10878 at SUSE CVE-2020-10878 at NVD CVE-2020-12723 at SUSE CVE-2020-12723 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the permissions-20181224-23.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-3687 at SUSE CVE-2019-3687 at NVD CVE-2019-3688 at SUSE CVE-2019-3688 at NVD CVE-2019-3690 at SUSE CVE-2019-3690 at NVD CVE-2020-8013 at SUSE CVE-2020-8013 at NVD CVE-2020-8025 at SUSE CVE-2020-8025 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the podman-2.1.1-4.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-10856 at SUSE CVE-2018-10856 at NVD CVE-2019-10152 at SUSE CVE-2019-10152 at NVD CVE-2019-10214 at SUSE CVE-2019-10214 at NVD CVE-2020-14370 at SUSE CVE-2020-14370 at NVD CVE-2020-1726 at SUSE CVE-2020-1726 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the policycoreutils-3.1-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-7545 at SUSE CVE-2016-7545 at NVD CVE-2018-1063 at SUSE CVE-2018-1063 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the powerpc-utils-1.3.7.1-3.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-4040 at SUSE CVE-2014-4040 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-Jinja2-2.10.1-3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-0012 at SUSE CVE-2014-0012 at NVD CVE-2016-10745 at SUSE CVE-2016-10745 at NVD CVE-2019-10906 at SUSE CVE-2019-10906 at NVD CVE-2019-8341 at SUSE CVE-2019-8341 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-PyYAML-5.1.2-6.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-18342 at SUSE CVE-2017-18342 at NVD CVE-2020-1747 at SUSE CVE-2020-1747 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-requests-2.20.1-6.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-2296 at SUSE CVE-2015-2296 at NVD CVE-2018-18074 at SUSE CVE-2018-18074 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-salt-3000-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-1866 at SUSE CVE-2016-1866 at NVD CVE-2016-9639 at SUSE CVE-2016-9639 at NVD CVE-2017-12791 at SUSE CVE-2017-12791 at NVD CVE-2017-14695 at SUSE CVE-2017-14695 at NVD CVE-2017-14696 at SUSE CVE-2017-14696 at NVD CVE-2018-15750 at SUSE CVE-2018-15750 at NVD CVE-2018-15751 at SUSE CVE-2018-15751 at NVD CVE-2019-17361 at SUSE CVE-2019-17361 at NVD CVE-2019-18897 at SUSE CVE-2019-18897 at NVD CVE-2020-11651 at SUSE CVE-2020-11651 at NVD CVE-2020-11652 at SUSE CVE-2020-11652 at NVD CVE-2020-16846 at SUSE CVE-2020-16846 at NVD CVE-2020-17490 at SUSE CVE-2020-17490 at NVD CVE-2020-25592 at SUSE CVE-2020-25592 at NVD CVE-2020-28243 at SUSE CVE-2020-28243 at NVD CVE-2020-28972 at SUSE CVE-2020-28972 at NVD CVE-2020-35662 at SUSE CVE-2020-35662 at NVD CVE-2021-25281 at SUSE CVE-2021-25281 at NVD CVE-2021-25282 at SUSE CVE-2021-25282 at NVD CVE-2021-25283 at SUSE CVE-2021-25283 at NVD CVE-2021-25284 at SUSE CVE-2021-25284 at NVD CVE-2021-3144 at SUSE CVE-2021-3144 at NVD CVE-2021-3148 at SUSE CVE-2021-3148 at NVD CVE-2021-3197 at SUSE CVE-2021-3197 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-20916 at SUSE CVE-2019-20916 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the python3-urllib3-1.24-9.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2016-9015 at SUSE CVE-2016-9015 at NVD CVE-2019-11236 at SUSE CVE-2019-11236 at NVD CVE-2019-11324 at SUSE CVE-2019-11324 at NVD CVE-2019-9740 at SUSE CVE-2019-9740 at NVD CVE-2020-26137 at SUSE CVE-2020-26137 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the qemu-4.2.1-11.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-0223 at SUSE CVE-2014-0223 at NVD CVE-2014-3461 at SUSE CVE-2014-3461 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-7840 at SUSE CVE-2014-7840 at NVD CVE-2014-8106 at SUSE CVE-2014-8106 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3209 at SUSE CVE-2015-3209 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5225 at SUSE CVE-2015-5225 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5279 at SUSE CVE-2015-5279 at NVD CVE-2015-5745 at SUSE CVE-2015-5745 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7295 at SUSE CVE-2015-7295 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10028 at SUSE CVE-2016-10028 at NVD CVE-2016-10155 at SUSE CVE-2016-10155 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-3710 at SUSE CVE-2016-3710 at NVD CVE-2016-3712 at SUSE CVE-2016-3712 at NVD CVE-2016-4002 at SUSE CVE-2016-4002 at NVD CVE-2016-4020 at SUSE CVE-2016-4020 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-4453 at SUSE CVE-2016-4453 at NVD CVE-2016-4454 at SUSE CVE-2016-4454 at NVD CVE-2016-4952 at SUSE CVE-2016-4952 at NVD CVE-2016-4964 at SUSE CVE-2016-4964 at NVD CVE-2016-5105 at SUSE CVE-2016-5105 at NVD CVE-2016-5106 at SUSE CVE-2016-5106 at NVD CVE-2016-5107 at SUSE CVE-2016-5107 at NVD CVE-2016-5126 at SUSE CVE-2016-5126 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5337 at SUSE CVE-2016-5337 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-5403 at SUSE CVE-2016-5403 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-6490 at SUSE CVE-2016-6490 at NVD CVE-2016-6833 at SUSE CVE-2016-6833 at NVD CVE-2016-6836 at SUSE CVE-2016-6836 at NVD CVE-2016-6888 at SUSE CVE-2016-6888 at NVD CVE-2016-7116 at SUSE CVE-2016-7116 at NVD CVE-2016-7155 at SUSE CVE-2016-7155 at NVD CVE-2016-7156 at SUSE CVE-2016-7156 at NVD CVE-2016-7157 at SUSE CVE-2016-7157 at NVD CVE-2016-7161 at SUSE CVE-2016-7161 at NVD CVE-2016-7170 at SUSE CVE-2016-7170 at NVD CVE-2016-7421 at SUSE CVE-2016-7421 at NVD CVE-2016-7422 at SUSE CVE-2016-7422 at NVD CVE-2016-7423 at SUSE CVE-2016-7423 at NVD CVE-2016-7466 at SUSE CVE-2016-7466 at NVD CVE-2016-7907 at SUSE CVE-2016-7907 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-7994 at SUSE CVE-2016-7994 at NVD CVE-2016-7995 at SUSE CVE-2016-7995 at NVD CVE-2016-8576 at SUSE CVE-2016-8576 at NVD CVE-2016-8577 at SUSE CVE-2016-8577 at NVD CVE-2016-8578 at SUSE CVE-2016-8578 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8668 at SUSE CVE-2016-8668 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8909 at SUSE CVE-2016-8909 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9101 at SUSE CVE-2016-9101 at NVD CVE-2016-9102 at SUSE CVE-2016-9102 at NVD CVE-2016-9103 at SUSE CVE-2016-9103 at NVD CVE-2016-9104 at SUSE CVE-2016-9104 at NVD CVE-2016-9105 at SUSE CVE-2016-9105 at NVD CVE-2016-9106 at SUSE CVE-2016-9106 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9602 at SUSE CVE-2016-9602 at NVD CVE-2016-9776 at SUSE CVE-2016-9776 at NVD CVE-2016-9845 at SUSE CVE-2016-9845 at NVD CVE-2016-9846 at SUSE CVE-2016-9846 at NVD CVE-2016-9907 at SUSE CVE-2016-9907 at NVD CVE-2016-9908 at SUSE CVE-2016-9908 at NVD CVE-2016-9911 at SUSE CVE-2016-9911 at NVD CVE-2016-9912 at SUSE CVE-2016-9912 at NVD CVE-2016-9913 at SUSE CVE-2016-9913 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9923 at SUSE CVE-2016-9923 at NVD CVE-2017-10664 at SUSE CVE-2017-10664 at NVD CVE-2017-10806 at SUSE CVE-2017-10806 at NVD CVE-2017-11334 at SUSE CVE-2017-11334 at NVD CVE-2017-11434 at SUSE CVE-2017-11434 at NVD CVE-2017-13672 at SUSE CVE-2017-13672 at NVD CVE-2017-13673 at SUSE CVE-2017-13673 at NVD CVE-2017-13711 at SUSE CVE-2017-13711 at NVD CVE-2017-14167 at SUSE CVE-2017-14167 at NVD CVE-2017-15038 at SUSE CVE-2017-15038 at NVD CVE-2017-15118 at SUSE CVE-2017-15118 at NVD CVE-2017-15119 at SUSE CVE-2017-15119 at NVD CVE-2017-15268 at SUSE CVE-2017-15268 at NVD CVE-2017-15289 at SUSE CVE-2017-15289 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-2630 at SUSE CVE-2017-2630 at NVD CVE-2017-2633 at SUSE CVE-2017-2633 at NVD CVE-2017-5525 at SUSE CVE-2017-5525 at NVD CVE-2017-5526 at SUSE CVE-2017-5526 at NVD CVE-2017-5552 at SUSE CVE-2017-5552 at NVD CVE-2017-5578 at SUSE CVE-2017-5578 at NVD CVE-2017-5579 at SUSE CVE-2017-5579 at NVD CVE-2017-5667 at SUSE CVE-2017-5667 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5856 at SUSE CVE-2017-5856 at NVD CVE-2017-5857 at SUSE CVE-2017-5857 at NVD CVE-2017-5898 at SUSE CVE-2017-5898 at NVD CVE-2017-5931 at SUSE CVE-2017-5931 at NVD CVE-2017-5973 at SUSE CVE-2017-5973 at NVD CVE-2017-5987 at SUSE CVE-2017-5987 at NVD CVE-2017-6058 at SUSE CVE-2017-6058 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-7471 at SUSE CVE-2017-7471 at NVD CVE-2017-7493 at SUSE CVE-2017-7493 at NVD CVE-2017-8112 at SUSE CVE-2017-8112 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-8379 at SUSE CVE-2017-8379 at NVD CVE-2017-8380 at SUSE CVE-2017-8380 at NVD CVE-2017-9503 at SUSE CVE-2017-9503 at NVD CVE-2017-9524 at SUSE CVE-2017-9524 at NVD CVE-2018-10839 at SUSE CVE-2018-10839 at NVD CVE-2018-11806 at SUSE CVE-2018-11806 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12207 at SUSE CVE-2018-12207 at NVD CVE-2018-12617 at SUSE CVE-2018-12617 at NVD CVE-2018-15746 at SUSE CVE-2018-15746 at NVD CVE-2018-16847 at SUSE CVE-2018-16847 at NVD CVE-2018-16872 at SUSE CVE-2018-16872 at NVD CVE-2018-17958 at SUSE CVE-2018-17958 at NVD CVE-2018-17962 at SUSE CVE-2018-17962 at NVD CVE-2018-17963 at SUSE CVE-2018-17963 at NVD CVE-2018-18849 at SUSE CVE-2018-18849 at NVD CVE-2018-20123 at SUSE CVE-2018-20123 at NVD CVE-2018-20124 at SUSE CVE-2018-20124 at NVD CVE-2018-20125 at SUSE CVE-2018-20125 at NVD CVE-2018-20126 at SUSE CVE-2018-20126 at NVD CVE-2018-20191 at SUSE CVE-2018-20191 at NVD CVE-2018-20216 at SUSE CVE-2018-20216 at NVD CVE-2018-20815 at SUSE CVE-2018-20815 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-7550 at SUSE CVE-2018-7550 at NVD CVE-2018-7858 at SUSE CVE-2018-7858 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-12068 at SUSE CVE-2019-12068 at NVD CVE-2019-12155 at SUSE CVE-2019-12155 at NVD CVE-2019-13164 at SUSE CVE-2019-13164 at NVD CVE-2019-14378 at SUSE CVE-2019-14378 at NVD CVE-2019-15890 at SUSE CVE-2019-15890 at NVD CVE-2019-5008 at SUSE CVE-2019-5008 at NVD CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2019-8934 at SUSE CVE-2019-8934 at NVD CVE-2019-9824 at SUSE CVE-2019-9824 at NVD CVE-2020-10702 at SUSE CVE-2020-10702 at NVD CVE-2020-10761 at SUSE CVE-2020-10761 at NVD CVE-2020-11102 at SUSE CVE-2020-11102 at NVD CVE-2020-11869 at SUSE CVE-2020-11869 at NVD CVE-2020-11947 at SUSE CVE-2020-11947 at NVD CVE-2020-13361 at SUSE CVE-2020-13361 at NVD CVE-2020-13362 at SUSE CVE-2020-13362 at NVD CVE-2020-13659 at SUSE CVE-2020-13659 at NVD CVE-2020-13800 at SUSE CVE-2020-13800 at NVD CVE-2020-14364 at SUSE CVE-2020-14364 at NVD CVE-2020-15863 at SUSE CVE-2020-15863 at NVD CVE-2020-16092 at SUSE CVE-2020-16092 at NVD CVE-2020-1711 at SUSE CVE-2020-1711 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD CVE-2020-24352 at SUSE CVE-2020-24352 at NVD CVE-2020-7039 at SUSE CVE-2020-7039 at NVD CVE-2020-8608 at SUSE CVE-2020-8608 at NVD CVE-2021-20181 at SUSE CVE-2021-20181 at NVD CVE-2021-20203 at SUSE CVE-2021-20203 at NVD CVE-2021-20221 at SUSE CVE-2021-20221 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-7236 at SUSE CVE-2015-7236 at NVD CVE-2017-8779 at SUSE CVE-2017-8779 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the rpm-4.14.1-20.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-7500 at SUSE CVE-2017-7500 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the rsync-3.1.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-8242 at SUSE CVE-2014-8242 at NVD CVE-2014-9512 at SUSE CVE-2014-9512 at NVD CVE-2017-16548 at SUSE CVE-2017-16548 at NVD CVE-2018-5764 at SUSE CVE-2018-5764 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the shadow-4.6-3.5.6 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-7169 at SUSE CVE-2018-7169 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the shim-15+git47-3.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3675 at SUSE CVE-2014-3675 at NVD CVE-2014-3676 at SUSE CVE-2014-3676 at NVD CVE-2014-3677 at SUSE CVE-2014-3677 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-6778 at SUSE CVE-2019-6778 at NVD CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-1983 at SUSE CVE-2020-1983 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the squashfs-4.3-1.29 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2012-4024 at SUSE CVE-2012-4024 at NVD CVE-2012-4025 at SUSE CVE-2012-4025 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the sudo-1.8.22-4.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-9680 at SUSE CVE-2014-9680 at NVD CVE-2016-7032 at SUSE CVE-2016-7032 at NVD CVE-2016-7076 at SUSE CVE-2016-7076 at NVD CVE-2017-1000367 at SUSE CVE-2017-1000367 at NVD CVE-2017-1000368 at SUSE CVE-2017-1000368 at NVD CVE-2019-14287 at SUSE CVE-2019-14287 at NVD CVE-2019-18634 at SUSE CVE-2019-18634 at NVD CVE-2021-23239 at SUSE CVE-2021-23239 at NVD CVE-2021-23240 at SUSE CVE-2021-23240 at NVD CVE-2021-3156 at SUSE CVE-2021-3156 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the supportutils-3.1.9-5.24.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2018-19637 at SUSE CVE-2018-19637 at NVD CVE-2018-19638 at SUSE CVE-2018-19638 at NVD CVE-2018-19639 at SUSE CVE-2018-19639 at NVD CVE-2018-19640 at SUSE CVE-2018-19640 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the tar-1.30-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2010-0624 at SUSE CVE-2010-0624 at NVD CVE-2016-6321 at SUSE CVE-2016-6321 at NVD CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the ucode-intel-20210216-2.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3640 at SUSE CVE-2018-3640 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2019-11139 at SUSE CVE-2019-11139 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-0548 at SUSE CVE-2020-0548 at NVD CVE-2020-0549 at SUSE CVE-2020-0549 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD CVE-2020-8696 at SUSE CVE-2020-8696 at NVD CVE-2020-8698 at SUSE CVE-2020-8698 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2015-0840 at SUSE CVE-2015-0840 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the vim-data-common-8.0.1568-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2009-0316 at SUSE CVE-2009-0316 at NVD CVE-2017-1000382 at SUSE CVE-2017-1000382 at NVD CVE-2017-5953 at SUSE CVE-2017-5953 at NVD CVE-2017-6349 at SUSE CVE-2017-6349 at NVD CVE-2017-6350 at SUSE CVE-2017-6350 at NVD CVE-2019-12735 at SUSE CVE-2019-12735 at NVD CVE-2019-20807 at SUSE CVE-2019-20807 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the wicked-0.6.64-3.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2019-18902 at SUSE CVE-2019-18902 at NVD CVE-2019-18903 at SUSE CVE-2019-18903 at NVD CVE-2020-7216 at SUSE CVE-2020-7216 at NVD CVE-2020-7217 at SUSE CVE-2020-7217 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the wpa_supplicant-2.9-4.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2014-3686 at SUSE CVE-2014-3686 at NVD CVE-2015-1863 at SUSE CVE-2015-1863 at NVD CVE-2015-4141 at SUSE CVE-2015-4141 at NVD CVE-2015-4142 at SUSE CVE-2015-4142 at NVD CVE-2015-4143 at SUSE CVE-2015-4143 at NVD CVE-2015-4144 at SUSE CVE-2015-4144 at NVD CVE-2015-4145 at SUSE CVE-2015-4145 at NVD CVE-2015-4146 at SUSE CVE-2015-4146 at NVD CVE-2015-5310 at SUSE CVE-2015-5310 at NVD CVE-2015-5315 at SUSE CVE-2015-5315 at NVD CVE-2015-5316 at SUSE CVE-2015-5316 at NVD CVE-2015-8041 at SUSE CVE-2015-8041 at NVD CVE-2016-4476 at SUSE CVE-2016-4476 at NVD CVE-2016-4477 at SUSE CVE-2016-4477 at NVD CVE-2017-13077 at SUSE CVE-2017-13077 at NVD CVE-2017-13078 at SUSE CVE-2017-13078 at NVD CVE-2017-13079 at SUSE CVE-2017-13079 at NVD CVE-2017-13080 at SUSE CVE-2017-13080 at NVD CVE-2017-13081 at SUSE CVE-2017-13081 at NVD CVE-2017-13082 at SUSE CVE-2017-13082 at NVD CVE-2017-13086 at SUSE CVE-2017-13086 at NVD CVE-2017-13087 at SUSE CVE-2017-13087 at NVD CVE-2017-13088 at SUSE CVE-2017-13088 at NVD CVE-2018-14526 at SUSE CVE-2018-14526 at NVD CVE-2019-11555 at SUSE CVE-2019-11555 at NVD CVE-2019-13377 at SUSE CVE-2019-13377 at NVD CVE-2019-16275 at SUSE CVE-2019-16275 at NVD CVE-2019-9494 at SUSE CVE-2019-9494 at NVD CVE-2019-9495 at SUSE CVE-2019-9495 at NVD CVE-2019-9497 at SUSE CVE-2019-9497 at NVD CVE-2019-9498 at SUSE CVE-2019-9498 at NVD CVE-2019-9499 at SUSE CVE-2019-9499 at NVD CVE-2021-0326 at SUSE CVE-2021-0326 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the xen-libs-4.13.2_06-3.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2013-3495 at SUSE CVE-2013-3495 at NVD CVE-2013-4533 at SUSE CVE-2013-4533 at NVD CVE-2013-4534 at SUSE CVE-2013-4534 at NVD CVE-2013-4537 at SUSE CVE-2013-4537 at NVD CVE-2013-4538 at SUSE CVE-2013-4538 at NVD CVE-2013-4539 at SUSE CVE-2013-4539 at NVD CVE-2013-4540 at SUSE CVE-2013-4540 at NVD CVE-2014-0222 at SUSE CVE-2014-0222 at NVD CVE-2014-3640 at SUSE CVE-2014-3640 at NVD CVE-2014-3672 at SUSE CVE-2014-3672 at NVD CVE-2014-7815 at SUSE CVE-2014-7815 at NVD CVE-2015-1779 at SUSE CVE-2015-1779 at NVD CVE-2015-3259 at SUSE CVE-2015-3259 at NVD CVE-2015-3340 at SUSE CVE-2015-3340 at NVD CVE-2015-3456 at SUSE CVE-2015-3456 at NVD CVE-2015-4037 at SUSE CVE-2015-4037 at NVD CVE-2015-4103 at SUSE CVE-2015-4103 at NVD CVE-2015-4104 at SUSE CVE-2015-4104 at NVD CVE-2015-4105 at SUSE CVE-2015-4105 at NVD CVE-2015-4106 at SUSE CVE-2015-4106 at NVD CVE-2015-5154 at SUSE CVE-2015-5154 at NVD CVE-2015-5239 at SUSE CVE-2015-5239 at NVD CVE-2015-5278 at SUSE CVE-2015-5278 at NVD CVE-2015-5307 at SUSE CVE-2015-5307 at NVD CVE-2015-6815 at SUSE CVE-2015-6815 at NVD CVE-2015-6855 at SUSE CVE-2015-6855 at NVD CVE-2015-7311 at SUSE CVE-2015-7311 at NVD CVE-2015-7504 at SUSE CVE-2015-7504 at NVD CVE-2015-7512 at SUSE CVE-2015-7512 at NVD CVE-2015-7549 at SUSE CVE-2015-7549 at NVD CVE-2015-7835 at SUSE CVE-2015-7835 at NVD CVE-2015-7969 at SUSE CVE-2015-7969 at NVD CVE-2015-7970 at SUSE CVE-2015-7970 at NVD CVE-2015-7971 at SUSE CVE-2015-7971 at NVD CVE-2015-7972 at SUSE CVE-2015-7972 at NVD CVE-2015-8104 at SUSE CVE-2015-8104 at NVD CVE-2015-8339 at SUSE CVE-2015-8339 at NVD CVE-2015-8340 at SUSE CVE-2015-8340 at NVD CVE-2015-8341 at SUSE CVE-2015-8341 at NVD CVE-2015-8345 at SUSE CVE-2015-8345 at NVD CVE-2015-8504 at SUSE CVE-2015-8504 at NVD CVE-2015-8550 at SUSE CVE-2015-8550 at NVD CVE-2015-8554 at SUSE CVE-2015-8554 at NVD CVE-2015-8555 at SUSE CVE-2015-8555 at NVD CVE-2015-8558 at SUSE CVE-2015-8558 at NVD CVE-2015-8567 at SUSE CVE-2015-8567 at NVD CVE-2015-8568 at SUSE CVE-2015-8568 at NVD CVE-2015-8613 at SUSE CVE-2015-8613 at NVD CVE-2015-8615 at SUSE CVE-2015-8615 at NVD CVE-2015-8619 at SUSE CVE-2015-8619 at NVD CVE-2015-8743 at SUSE CVE-2015-8743 at NVD CVE-2015-8744 at SUSE CVE-2015-8744 at NVD CVE-2015-8745 at SUSE CVE-2015-8745 at NVD CVE-2016-10013 at SUSE CVE-2016-10013 at NVD CVE-2016-10024 at SUSE CVE-2016-10024 at NVD CVE-2016-10025 at SUSE CVE-2016-10025 at NVD CVE-2016-1568 at SUSE CVE-2016-1568 at NVD CVE-2016-1570 at SUSE CVE-2016-1570 at NVD CVE-2016-1571 at SUSE CVE-2016-1571 at NVD CVE-2016-1714 at SUSE CVE-2016-1714 at NVD CVE-2016-1922 at SUSE CVE-2016-1922 at NVD CVE-2016-1981 at SUSE CVE-2016-1981 at NVD CVE-2016-2198 at SUSE CVE-2016-2198 at NVD CVE-2016-2270 at SUSE CVE-2016-2270 at NVD CVE-2016-2271 at SUSE CVE-2016-2271 at NVD CVE-2016-2391 at SUSE CVE-2016-2391 at NVD CVE-2016-2392 at SUSE CVE-2016-2392 at NVD CVE-2016-2538 at SUSE CVE-2016-2538 at NVD CVE-2016-2841 at SUSE CVE-2016-2841 at NVD CVE-2016-4439 at SUSE CVE-2016-4439 at NVD CVE-2016-4441 at SUSE CVE-2016-4441 at NVD CVE-2016-5238 at SUSE CVE-2016-5238 at NVD CVE-2016-5338 at SUSE CVE-2016-5338 at NVD CVE-2016-6258 at SUSE CVE-2016-6258 at NVD CVE-2016-6259 at SUSE CVE-2016-6259 at NVD CVE-2016-6351 at SUSE CVE-2016-6351 at NVD CVE-2016-7092 at SUSE CVE-2016-7092 at NVD CVE-2016-7093 at SUSE CVE-2016-7093 at NVD CVE-2016-7094 at SUSE CVE-2016-7094 at NVD CVE-2016-7777 at SUSE CVE-2016-7777 at NVD CVE-2016-7908 at SUSE CVE-2016-7908 at NVD CVE-2016-7909 at SUSE CVE-2016-7909 at NVD CVE-2016-8667 at SUSE CVE-2016-8667 at NVD CVE-2016-8669 at SUSE CVE-2016-8669 at NVD CVE-2016-8910 at SUSE CVE-2016-8910 at NVD CVE-2016-9377 at SUSE CVE-2016-9377 at NVD CVE-2016-9378 at SUSE CVE-2016-9378 at NVD CVE-2016-9379 at SUSE CVE-2016-9379 at NVD CVE-2016-9380 at SUSE CVE-2016-9380 at NVD CVE-2016-9381 at SUSE CVE-2016-9381 at NVD CVE-2016-9382 at SUSE CVE-2016-9382 at NVD CVE-2016-9383 at SUSE CVE-2016-9383 at NVD CVE-2016-9384 at SUSE CVE-2016-9384 at NVD CVE-2016-9385 at SUSE CVE-2016-9385 at NVD CVE-2016-9386 at SUSE CVE-2016-9386 at NVD CVE-2016-9637 at SUSE CVE-2016-9637 at NVD CVE-2016-9921 at SUSE CVE-2016-9921 at NVD CVE-2016-9922 at SUSE CVE-2016-9922 at NVD CVE-2016-9932 at SUSE CVE-2016-9932 at NVD CVE-2017-12135 at SUSE CVE-2017-12135 at NVD CVE-2017-12136 at SUSE CVE-2017-12136 at NVD CVE-2017-12137 at SUSE CVE-2017-12137 at NVD CVE-2017-2615 at SUSE CVE-2017-2615 at NVD CVE-2017-2620 at SUSE CVE-2017-2620 at NVD CVE-2017-5715 at SUSE CVE-2017-5715 at NVD CVE-2017-5753 at SUSE CVE-2017-5753 at NVD CVE-2017-5754 at SUSE CVE-2017-5754 at NVD CVE-2017-6505 at SUSE CVE-2017-6505 at NVD CVE-2017-8309 at SUSE CVE-2017-8309 at NVD CVE-2017-9330 at SUSE CVE-2017-9330 at NVD CVE-2018-10471 at SUSE CVE-2018-10471 at NVD CVE-2018-10472 at SUSE CVE-2018-10472 at NVD CVE-2018-10981 at SUSE CVE-2018-10981 at NVD CVE-2018-10982 at SUSE CVE-2018-10982 at NVD CVE-2018-12126 at SUSE CVE-2018-12126 at NVD CVE-2018-12127 at SUSE CVE-2018-12127 at NVD CVE-2018-12130 at SUSE CVE-2018-12130 at NVD CVE-2018-12891 at SUSE CVE-2018-12891 at NVD CVE-2018-12892 at SUSE CVE-2018-12892 at NVD CVE-2018-12893 at SUSE CVE-2018-12893 at NVD CVE-2018-15468 at SUSE CVE-2018-15468 at NVD CVE-2018-15469 at SUSE CVE-2018-15469 at NVD CVE-2018-15470 at SUSE CVE-2018-15470 at NVD CVE-2018-18883 at SUSE CVE-2018-18883 at NVD CVE-2018-19961 at SUSE CVE-2018-19961 at NVD CVE-2018-19962 at SUSE CVE-2018-19962 at NVD CVE-2018-19963 at SUSE CVE-2018-19963 at NVD CVE-2018-19964 at SUSE CVE-2018-19964 at NVD CVE-2018-19965 at SUSE CVE-2018-19965 at NVD CVE-2018-19966 at SUSE CVE-2018-19966 at NVD CVE-2018-19967 at SUSE CVE-2018-19967 at NVD CVE-2018-3639 at SUSE CVE-2018-3639 at NVD CVE-2018-3646 at SUSE CVE-2018-3646 at NVD CVE-2018-3665 at SUSE CVE-2018-3665 at NVD CVE-2018-5244 at SUSE CVE-2018-5244 at NVD CVE-2018-7540 at SUSE CVE-2018-7540 at NVD CVE-2018-7541 at SUSE CVE-2018-7541 at NVD CVE-2018-7542 at SUSE CVE-2018-7542 at NVD CVE-2018-8897 at SUSE CVE-2018-8897 at NVD CVE-2019-11091 at SUSE CVE-2019-11091 at NVD CVE-2019-17349 at SUSE CVE-2019-17349 at NVD CVE-2020-0543 at SUSE CVE-2020-0543 at NVD CVE-2020-11739 at SUSE CVE-2020-11739 at NVD CVE-2020-11740 at SUSE CVE-2020-11740 at NVD CVE-2020-11741 at SUSE CVE-2020-11741 at NVD CVE-2020-11742 at SUSE CVE-2020-11742 at NVD CVE-2020-11743 at SUSE CVE-2020-11743 at NVD CVE-2020-15563 at SUSE CVE-2020-15563 at NVD CVE-2020-15565 at SUSE CVE-2020-15565 at NVD CVE-2020-15566 at SUSE CVE-2020-15566 at NVD CVE-2020-15567 at SUSE CVE-2020-15567 at NVD CVE-2020-25595 at SUSE CVE-2020-25595 at NVD CVE-2020-25596 at SUSE CVE-2020-25596 at NVD CVE-2020-25597 at SUSE CVE-2020-25597 at NVD CVE-2020-25598 at SUSE CVE-2020-25598 at NVD CVE-2020-25599 at SUSE CVE-2020-25599 at NVD CVE-2020-25600 at SUSE CVE-2020-25600 at NVD CVE-2020-25601 at SUSE CVE-2020-25601 at NVD CVE-2020-25602 at SUSE CVE-2020-25602 at NVD CVE-2020-25603 at SUSE CVE-2020-25603 at NVD CVE-2020-25604 at SUSE CVE-2020-25604 at NVD CVE-2020-27670 at SUSE CVE-2020-27670 at NVD CVE-2020-27671 at SUSE CVE-2020-27671 at NVD CVE-2020-27672 at SUSE CVE-2020-27672 at NVD CVE-2020-27674 at SUSE CVE-2020-27674 at NVD CVE-2020-28368 at SUSE CVE-2020-28368 at NVD CVE-2020-29480 at SUSE CVE-2020-29480 at NVD CVE-2020-29481 at SUSE CVE-2020-29481 at NVD CVE-2020-29483 at SUSE CVE-2020-29483 at NVD CVE-2020-29484 at SUSE CVE-2020-29484 at NVD CVE-2020-29566 at SUSE CVE-2020-29566 at NVD CVE-2020-29570 at SUSE CVE-2020-29570 at NVD CVE-2020-29571 at SUSE CVE-2020-29571 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 These are all security issues fixed in the zypper-1.14.42-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. Moderate CVE-2017-7436 at SUSE CVE-2017-7436 at NVD CVE-2017-9269 at SUSE CVE-2017-9269 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) Moderate SUSE bug 1183933 SUSE bug 1183934 CVE-2021-22876 at SUSE CVE-2021-22876 at NVD CVE-2021-22890 at SUSE CVE-2021-22890 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 at SUSE CVE-2021-23981 at NVD CVE-2021-23982 at SUSE CVE-2021-23982 at NVD CVE-2021-23984 at SUSE CVE-2021-23984 at NVD CVE-2021-23987 at SUSE CVE-2021-23987 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: - CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360) - CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368) - L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204) - L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576) - L3: xen: no needsreboot flag set (bsc#1180690) - kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148) - openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1177204 SUSE bug 1179148 SUSE bug 1180690 SUSE bug 1181254 SUSE bug 1181989 SUSE bug 1182576 SUSE bug 1183072 CVE-2021-28687 at SUSE CVE-2021-28687 at NVD CVE-2021-3308 at SUSE CVE-2021-3308 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for wpa_supplicant fixes the following issues: - CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). Moderate SUSE bug 1184348 CVE-2021-30004 at SUSE CVE-2021-30004 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - software node: Fix node registration (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - stop_machine: mark helpers __always_inline (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: gadget: f_uac1: stop playback on function disable (git-fixes). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: fix vudc to check for stream socket (git-fixes). - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: musb: Fix suspend with devices connected for a64 (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: fix setting irq affinity (bsc#1184583). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). Important SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1113295 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156256 SUSE bug 1156395 SUSE bug 1159280 SUSE bug 1160634 SUSE bug 1167574 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1169514 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1175995 SUSE bug 1177326 SUSE bug 1178163 SUSE bug 1178181 SUSE bug 1178330 SUSE bug 1179454 SUSE bug 1180197 SUSE bug 1180980 SUSE bug 1181383 SUSE bug 1181507 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182011 SUSE bug 1182077 SUSE bug 1182485 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182591 SUSE bug 1182595 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1182770 SUSE bug 1182989 SUSE bug 1183015 SUSE bug 1183018 SUSE bug 1183022 SUSE bug 1183023 SUSE bug 1183048 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183405 SUSE bug 1183412 SUSE bug 1183416 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183696 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183843 SUSE bug 1183859 SUSE bug 1183871 SUSE bug 1184074 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184176 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184211 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184485 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184585 SUSE bug 1184647 CVE-2019-18814 at SUSE CVE-2019-18814 at NVD CVE-2019-19769 at SUSE CVE-2019-19769 at NVD CVE-2020-25670 at SUSE CVE-2020-25670 at NVD CVE-2020-25671 at SUSE CVE-2020-25671 at NVD CVE-2020-25672 at SUSE CVE-2020-25672 at NVD CVE-2020-25673 at SUSE CVE-2020-25673 at NVD CVE-2020-27170 at SUSE CVE-2020-27170 at NVD CVE-2020-27171 at SUSE CVE-2020-27171 at NVD CVE-2020-27815 at SUSE CVE-2020-27815 at NVD CVE-2020-35519 at SUSE CVE-2020-35519 at NVD CVE-2020-36310 at SUSE CVE-2020-36310 at NVD CVE-2020-36311 at SUSE CVE-2020-36311 at NVD CVE-2020-36312 at SUSE CVE-2020-36312 at NVD CVE-2020-36322 at SUSE CVE-2020-36322 at NVD CVE-2021-27363 at SUSE CVE-2021-27363 at NVD CVE-2021-27364 at SUSE CVE-2021-27364 at NVD CVE-2021-27365 at SUSE CVE-2021-27365 at NVD CVE-2021-28038 at SUSE CVE-2021-28038 at NVD CVE-2021-28375 at SUSE CVE-2021-28375 at NVD CVE-2021-28660 at SUSE CVE-2021-28660 at NVD CVE-2021-28688 at SUSE CVE-2021-28688 at NVD CVE-2021-28950 at SUSE CVE-2021-28950 at NVD CVE-2021-28964 at SUSE CVE-2021-28964 at NVD CVE-2021-28971 at SUSE CVE-2021-28971 at NVD CVE-2021-28972 at SUSE CVE-2021-28972 at NVD CVE-2021-29154 at SUSE CVE-2021-29154 at NVD CVE-2021-29264 at SUSE CVE-2021-29264 at NVD CVE-2021-29265 at SUSE CVE-2021-29265 at NVD CVE-2021-29647 at SUSE CVE-2021-29647 at NVD CVE-2021-30002 at SUSE CVE-2021-30002 at NVD CVE-2021-3428 at SUSE CVE-2021-3428 at NVD CVE-2021-3444 at SUSE CVE-2021-3444 at NVD CVE-2021-3483 at SUSE CVE-2021-3483 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385) - CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934) - CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673) - CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684) - CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682) - CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174) - CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468) - CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108) - CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686) - CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612) - CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577) - CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968) - CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968) - CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400) - CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064) - Added a few more usability improvements for our git packaging workflow Important SUSE bug 1172385 SUSE bug 1173612 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178400 SUSE bug 1178934 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179468 SUSE bug 1179686 SUSE bug 1181108 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 SUSE bug 1184064 CVE-2020-12829 at SUSE CVE-2020-12829 at NVD CVE-2020-15469 at SUSE CVE-2020-15469 at NVD CVE-2020-25084 at SUSE CVE-2020-25084 at NVD CVE-2020-25624 at SUSE CVE-2020-25624 at NVD CVE-2020-25625 at SUSE CVE-2020-25625 at NVD CVE-2020-25723 at SUSE CVE-2020-25723 at NVD CVE-2020-27616 at SUSE CVE-2020-27616 at NVD CVE-2020-27617 at SUSE CVE-2020-27617 at NVD CVE-2020-27821 at SUSE CVE-2020-27821 at NVD CVE-2020-28916 at SUSE CVE-2020-28916 at NVD CVE-2020-29129 at SUSE CVE-2020-29129 at NVD CVE-2020-29130 at SUSE CVE-2020-29130 at NVD CVE-2020-29443 at SUSE CVE-2020-29443 at NVD CVE-2021-20257 at SUSE CVE-2021-20257 at NVD CVE-2021-3416 at SUSE CVE-2021-3416 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Important SUSE bug 1183936 CVE-2021-3156 at SUSE CVE-2021-3156 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644) Moderate SUSE bug 1184644 CVE-2021-28965 at SUSE CVE-2021-28965 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). Important SUSE bug 1184401 CVE-2021-20305 at SUSE CVE-2021-20305 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) Important SUSE bug 1182899 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for open-iscsi fixes the following issues: - Enabled asynchronous logins for iscsi.service (bsc#1183421) - Fixed a login issue when target is delayed Moderate SUSE bug 1179908 SUSE bug 1183421 CVE-2020-13987 at SUSE CVE-2020-13987 at NVD CVE-2020-13988 at SUSE CVE-2020-13988 at NVD CVE-2020-17437 at SUSE CVE-2020-17437 at NVD CVE-2020-17438 at SUSE CVE-2020-17438 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Moderate SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 CVE-2021-3516 at SUSE CVE-2021-3516 at NVD CVE-2021-3517 at SUSE CVE-2021-3517 at NVD CVE-2021-3518 at SUSE CVE-2021-3518 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374) Moderate SUSE bug 1183374 CVE-2021-3426 at SUSE CVE-2021-3426 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for shim fixes the following issues: - Update to the unified shim binary for SBAT support (bsc#1182057) + Merged EKU codesign check (bsc#1177315) - shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464). Important SUSE bug 1177315 SUSE bug 1182057 SUSE bug 1185464 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). Important SUSE bug 1043990 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1156395 SUSE bug 1167260 SUSE bug 1168838 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1178089 SUSE bug 1179243 SUSE bug 1179851 SUSE bug 1180846 SUSE bug 1181161 SUSE bug 1182613 SUSE bug 1183063 SUSE bug 1183203 SUSE bug 1183289 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184436 SUSE bug 1184514 SUSE bug 1184650 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184760 SUSE bug 1184811 SUSE bug 1184893 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184957 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185041 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185244 SUSE bug 1185269 SUSE bug 1185365 SUSE bug 1185454 SUSE bug 1185472 SUSE bug 1185491 SUSE bug 1185549 SUSE bug 1185586 SUSE bug 1185587 CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for dtc fixes the following issues: - make all packaged binaries PIE-executables (bsc#1184122). Low SUSE bug 1184122 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170). - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485). - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167). - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168). - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198). - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ). - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193). - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ). - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596). - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022). - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715). - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717). - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716). - CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696). - CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454). - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775). - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686). - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ). - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). The following non-security bugs were fixed: - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)). - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)). - 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)). - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes). - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes). - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383). - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes). - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes). - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes). - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes). - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes). - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes). - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes). - ALSA: hda: generic: Fix the micmute led init state (git-fixes). - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes). - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes). - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes). - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes). - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes). - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552). - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552). - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes). - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552). - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552). - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552). - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552). - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552). - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552). - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes). - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552). - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes). - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes). - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes). - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862). - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes). - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes). - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes). - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes). - ASoC: cs42l42: Fix channel width support (git-fixes). - ASoC: cs42l42: Fix mixer volume control (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes). - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes). - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes). - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes). - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes). - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes). - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes). - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes). - ASoC: simple-card-utils: Do not handle device clock (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes). - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295). - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295). - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295). - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295). - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes). - Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes). - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes). - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518). - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518). - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518). - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170). - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163). - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217). - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224). - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386). - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218). - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193). - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220). - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219). - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes). - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes). - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes). - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes). - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes). - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes). - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes). - can: peak_usb: add forgotten supported devices (git-fixes). - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes). - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes). - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes). - certs: Fix blacklist flag type confusion (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check pointer before freeing (bsc#1183534). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - completion: Drop init_completion define (git-fixes). - configfs: fix a use-after-free in __configfs_open_file (git-fixes). - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595 - crypto: aesni - prevent misaligned buffers on the stack (git-fixes). - crypto: arm64/sha - add missing module aliases (git-fixes). - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes). - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes). - crypto: tcrypt - avoid signed overflow in byte count (git-fixes). - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes). - drm/amdgpu: Add check to prevent IH overflow (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes). - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes - drm/compat: Clear bounce structures (git-fixes). - drm/hisilicon: Fix use-after-free (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes). - drm/mediatek: Fix aal size config (bsc#1152489) - drm: meson_drv add shutdown function (git-fixes). - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes). - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes). - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) - drm/nouveau/kms: handle mDP connectors (git-fixes). - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) - drm/panfrost: Fix job timeout handling (bsc#1152472) - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472) - drm/radeon: fix AGP dependency (git-fixes). - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes). - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes). - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) - efi: use 32-bit alignment for efi_guid_t literals (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - epoll: check for events when removing a timed out thread from the wait queue (git-fixes). - ethernet: alx: fix order of calls on resume (git-fixes). - exec: Move would_dump into flush_old_exec (git-fixes). - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989). - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989). - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes). - extcon: Fix error handling in extcon_dev_register (git-fixes). - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes). - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes). - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - fuse: verify write return (git-fixes). - gcc-plugins: drop support for GCC &lt;= 4.7 (bcs#1181862). - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862). - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862). - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes). - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes). - gianfar: Handle error code at MAC address change (git-fixes). - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes). - Goodix Fingerprint device is not a modem (git-fixes). - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes). - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes). - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes). - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes). - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes). - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes). - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes). - i2c: rcar: faster irq code to minimize HW race condition (git-fixes). - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - iavf: use generic power management (git-fixes). - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139). - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844). - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139). - ibmvnic: fix block comments (bsc#1183871 ltc#192139). - ibmvnic: fix braces (bsc#1183871 ltc#192139). - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268). - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139). - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139). - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591). - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139). - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139). - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139). - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791). - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791). - ice: fix memory leak if register_netdev_fails (git-fixes). - ice: fix memory leak in ice_vsi_setup (git-fixes). - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - ice: renegotiate link after FW DCB on (jsc#SLE-8464). - ice: report correct max number of TCs (jsc#SLE-7926). - ice: update the number of available RSS queues (jsc#SLE-7926). - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634). - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes). - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes). - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes). - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes). - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes). - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes). - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes). - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes). - Input: applespi - do not wait for responses to commands indefinitely (git-fixes). - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes). - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes). - Input: raydium_ts_i2c - do not send zero length (git-fixes). - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes). - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277). - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278). - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637). - iommu/vt-d: Add get_domain_info() helper (bsc#1183279). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280). - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281). - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282). - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283). - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284). - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285). - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286). - ionic: linearize tso skb with too many frags (bsc#1167773). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862). - kbuild: change *FLAGS_&lt;basetarget>.o to take the path relative to $(obj) (bcs#1181862). - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862). - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862). - kbuild: Fail if gold linker is detected (bcs#1181862). - kbuild: improve cc-option to clean up all temporary files (bsc#1178330). - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862). - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862). - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862). - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330). - kconfig: introduce m32-flag and m64-flag (bcs#1181862). - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427). - KVM: SVM: Clear the CR4 register on reset (bsc#1183252). - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770). - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287). - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412). - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447). - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369). - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428). - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288). - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518). - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518). - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix double free in ibss_leave (git-fixes). - mac80211: fix rate mask reset (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes). - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes). - media: mceusb: Fix potential out-of-bounds shift (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: rc: compile rc-cec.c into rc-core (git-fixes). - media: usbtv: Fix deadlock on suspend (git-fixes). - media: uvcvideo: Allow entities with no pads (git-fixes). - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes). - media: v4l: vsp1: Fix bru null pointer access (git-fixes). - media: v4l: vsp1: Fix uif null pointer access (git-fixes). - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes). - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes). - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes). - misc/pvpanic: Export module FDT device table (git-fixes). - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - mmc: core: Fix partition switch time for eMMC (git-fixes). - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes). - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes). - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes). - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes). - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777). - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes). - mt76: dma: do not report truncated frames to mac80211 (git-fixes). - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353). - net: cdc-phonet: fix data-interface release on probe failure (git-fixes). - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139). - netdevsim: init u64 stats for 32bit hardware (git-fixes). - net: dsa: rtl8366: Fix VLAN semantics (git-fixes). - net: dsa: rtl8366: Fix VLAN set-up (git-fixes). - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes). - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139). - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes). - net: fec: Fix reference count leak in fec series ops (git-fixes). - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes). - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gianfar: Add of_node_put() before goto statement (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: korina: cast KSEG0 address to pointer in kfree (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464). - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464). - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: mvneta: fix double free of txq->buf (git-fixes). - net: mvneta: make tx buffer array agnostic (git-fixes). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - netsec: restore phy power state after controller reset (bsc#1183757). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes). - net: stmmac: removed enabling eee in EEE set callback (git-fixes). - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes). - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes). - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes). - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes). - net: wan/lmc: unregister device when no matching device is found (git-fixes). - nfp: flower: fix pre_tun mask id allocation (bsc#1154353). - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077). - nvme-fabrics: fix kato initialization (bsc#1182591). - nvme-fabrics: only reserve a single tag (bsc#1182077). - nvme-fc: fix racing controller reset and create association (bsc#1183048). - nvme-hwmon: Return error code when registration fails (bsc#1177326). - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077). - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197). - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501). - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514). - objtool: Fix error handling for STD/CLD warnings (bsc#1169514). - objtool: Fix retpoline detection in asm code (bsc#1169514). - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176). - ovl: fix out of date comment and unreachable code (bsc#1184176). - ovl: fix regression with re-formatted lower squashfs (bsc#1184176). - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176). - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176). - ovl: initialize error in ovl_copy_xattr (bsc#1184176). - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176). - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes). - PCI: Align checking of syscall user config accessors (git-fixes). - PCI: Decline to resize resources if boot config must be preserved (git-fixes). - PCI: Fix pci_register_io_range() memory leak (git-fixes). - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes). - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). - pinctrl: rockchip: fix restore error in resume (git-fixes). - Platform: OLPC: Fix probe error handling (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes). - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes). - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes). - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes). - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes). - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - printk: fix deadlock when kernel panic (bsc#1183018). - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes). - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - qxl: Fix uninitialised struct field head.surface_id (git-fixes). - random: fix the RNDRESEEDCRNG ioctl (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449). - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449). - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709) - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353). - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079). - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream. - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/check-for-config-changes: comment on the list To explain what it actually is. - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended. - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes). - rsi: Move card interrupt handling to RX thread (git-fixes). - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes). - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes). - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: improve completion of pending TX buffers (git-fixes). - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes). - s390/vtime: fix increased steal time accounting (bsc#1183859). - samples, bpf: Add missing munmap in xdpsock (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574). - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574). - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574). - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574). - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574). - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574). - scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574). - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574). - scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574). - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574). - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574). - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574). - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574). - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574). - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574). - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574). - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574). - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574). - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574). - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574). - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574). - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843). - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843). - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518). - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518). - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518). - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes). - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - software node: Fix node registration (git-fixes). - spi: stm32: make spurious and overrun interrupts visible (git-fixes). - squashfs: fix inode lookup sanity checks (bsc#1183750). - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750). - stop_machine: mark helpers __always_inline (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes). - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598) - USB: cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: fix double free on probe failure (git-fixes). - USB: cdc-acm: fix use-after-free after probe failure (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes). - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes). - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes). - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes). - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes). - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes). - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes). - USB: gadget: f_uac1: stop playback on function disable (git-fixes). - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes). - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes). - USB: gadget: u_ether: Fix a configfs return code (git-fixes). - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes). - USBip: fix stub_dev to check for stream socket (git-fixes). - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes). - USBip: fix vhci_hcd to check for stream socket (git-fixes). - USBip: fix vudc to check for stream socket (git-fixes). - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes). - USBip: tools: fix build error for multiple definition (git-fixes). - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: musb: Fix suspend with devices connected for a64 (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes). - USB: replace hardcode maximum usb string length by definition (git-fixes). - USB: serial: ch341: add new Product ID (git-fixes). - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes). - USB: serial: cp210x: add some more GE USB IDs (git-fixes). - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes). - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes). - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes). - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes). - USB: usblp: fix a hang in poll() if disconnected (git-fixes). - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes). - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes). - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes). - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489) - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes). - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes). - vt/consolemap: do font sum unsigned (git-fixes). - watchdog: mei_wdt: request stop on unregister (git-fixes). - wireguard: device: do not generate ICMP for non-IP packets (git-fixes). - wireguard: kconfig: use arm chacha even with no neon (git-fixes). - wireguard: selftests: test multiple parallel streams (git-fixes). - wlcore: Fix command execute failure 19 for wl12xx (git-fixes). - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: avoid handling the same event on two cpus at the same time (git-fixes). - xen/events: do not unmask an event channel when an eoi is pending (git-fixes). - xen/events: fix setting irq affinity (bsc#1184583). - xen/events: reset affinity of 2-level event when tearing it down (git-fixes). - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980). - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes). - xhci: Improve detection of device initiated wake signal (git-fixes). Important SUSE bug 1047233 SUSE bug 1065729 SUSE bug 1113295 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156256 SUSE bug 1156395 SUSE bug 1159280 SUSE bug 1160634 SUSE bug 1167773 SUSE bug 1168777 SUSE bug 1169514 SUSE bug 1169709 SUSE bug 1171295 SUSE bug 1173485 SUSE bug 1177326 SUSE bug 1178163 SUSE bug 1178181 SUSE bug 1178330 SUSE bug 1179454 SUSE bug 1180197 SUSE bug 1180980 SUSE bug 1181383 SUSE bug 1181507 SUSE bug 1181674 SUSE bug 1181862 SUSE bug 1182011 SUSE bug 1182077 SUSE bug 1182485 SUSE bug 1182552 SUSE bug 1182574 SUSE bug 1182591 SUSE bug 1182595 SUSE bug 1182712 SUSE bug 1182713 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1182770 SUSE bug 1182989 SUSE bug 1183015 SUSE bug 1183018 SUSE bug 1183022 SUSE bug 1183023 SUSE bug 1183048 SUSE bug 1183252 SUSE bug 1183277 SUSE bug 1183278 SUSE bug 1183279 SUSE bug 1183280 SUSE bug 1183281 SUSE bug 1183282 SUSE bug 1183283 SUSE bug 1183284 SUSE bug 1183285 SUSE bug 1183286 SUSE bug 1183287 SUSE bug 1183288 SUSE bug 1183366 SUSE bug 1183369 SUSE bug 1183386 SUSE bug 1183405 SUSE bug 1183412 SUSE bug 1183416 SUSE bug 1183427 SUSE bug 1183428 SUSE bug 1183445 SUSE bug 1183447 SUSE bug 1183501 SUSE bug 1183509 SUSE bug 1183530 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183593 SUSE bug 1183596 SUSE bug 1183598 SUSE bug 1183637 SUSE bug 1183646 SUSE bug 1183662 SUSE bug 1183686 SUSE bug 1183692 SUSE bug 1183696 SUSE bug 1183750 SUSE bug 1183757 SUSE bug 1183775 SUSE bug 1183843 SUSE bug 1183859 SUSE bug 1183871 SUSE bug 1184074 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184170 SUSE bug 1184176 SUSE bug 1184192 SUSE bug 1184193 SUSE bug 1184194 SUSE bug 1184196 SUSE bug 1184198 SUSE bug 1184211 SUSE bug 1184217 SUSE bug 1184218 SUSE bug 1184219 SUSE bug 1184220 SUSE bug 1184224 SUSE bug 1184388 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184509 SUSE bug 1184511 SUSE bug 1184512 SUSE bug 1184514 SUSE bug 1184583 SUSE bug 1184647 CVE-2019-18814 at SUSE CVE-2019-18814 at NVD CVE-2019-19769 at SUSE CVE-2019-19769 at NVD CVE-2020-25670 at SUSE CVE-2020-25670 at NVD CVE-2020-25671 at SUSE CVE-2020-25671 at NVD CVE-2020-25672 at SUSE CVE-2020-25672 at NVD CVE-2020-25673 at SUSE CVE-2020-25673 at NVD CVE-2020-27170 at SUSE CVE-2020-27170 at NVD CVE-2020-27171 at SUSE CVE-2020-27171 at NVD CVE-2020-27815 at SUSE CVE-2020-27815 at NVD CVE-2020-35519 at SUSE CVE-2020-35519 at NVD CVE-2020-36310 at SUSE CVE-2020-36310 at NVD CVE-2020-36311 at SUSE CVE-2020-36311 at NVD CVE-2020-36312 at SUSE CVE-2020-36312 at NVD CVE-2021-27363 at SUSE CVE-2021-27363 at NVD CVE-2021-27364 at SUSE CVE-2021-27364 at NVD CVE-2021-27365 at SUSE CVE-2021-27365 at NVD CVE-2021-28038 at SUSE CVE-2021-28038 at NVD CVE-2021-28375 at SUSE CVE-2021-28375 at NVD CVE-2021-28660 at SUSE CVE-2021-28660 at NVD CVE-2021-28688 at SUSE CVE-2021-28688 at NVD CVE-2021-28950 at SUSE CVE-2021-28950 at NVD CVE-2021-28964 at SUSE CVE-2021-28964 at NVD CVE-2021-28971 at SUSE CVE-2021-28971 at NVD CVE-2021-28972 at SUSE CVE-2021-28972 at NVD CVE-2021-29154 at SUSE CVE-2021-29154 at NVD CVE-2021-29264 at SUSE CVE-2021-29264 at NVD CVE-2021-29265 at SUSE CVE-2021-29265 at NVD CVE-2021-29647 at SUSE CVE-2021-29647 at NVD CVE-2021-30002 at SUSE CVE-2021-30002 at NVD CVE-2021-3428 at SUSE CVE-2021-3428 at NVD CVE-2021-3444 at SUSE CVE-2021-3444 at NVD CVE-2021-3483 at SUSE CVE-2021-3483 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for grub2 fixes the following issues: - Fixed error with the shim_lock protocol that is not found on aarch64 (bsc#1185580). Moderate SUSE bug 1185580 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). Important SUSE bug 1185438 CVE-2021-3520 at SUSE CVE-2021-3520 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 at SUSE CVE-2021-3516 at NVD CVE-2021-3517 at SUSE CVE-2021-3517 at NVD CVE-2021-3518 at SUSE CVE-2021-3518 at NVD CVE-2021-3537 at SUSE CVE-2021-3537 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for fribidi fixes the following issues: Security issues fixed: - CVE-2019-18397: Avoid buffer overflow. (bsc#1156260) Important SUSE bug 1156260 CVE-2019-18397 at SUSE CVE-2019-18397 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013) Moderate SUSE bug 1185013 CVE-2021-3504 at SUSE CVE-2021-3504 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. Moderate SUSE bug 1186114 CVE-2021-22898 at SUSE CVE-2021-22898 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506). Moderate SUSE bug 1182506 CVE-2021-31535 at SUSE CVE-2021-31535 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 (bsc#1181255): - delay creation of threadpools - bin: Fix `deep-element-removed` log message - buffer: fix meta sequence number fallback on rpi - bufferlist: foreach: always remove as parent if buffer is changed - bus: Make setting/replacing/clearing the sync handler thread-safe - elementfactory: Fix missing features in case a feature moves to another filename - element: When removing a ghost pad also unset its target - meta: intern registered impl string - registry: Use a toolchain-specific registry file on Windows - systemclock: Invalid internal time calculation causes non-increasing clock time on Windows - value: don't write to `const char *` - value: Fix segfault comparing empty GValueArrays - Revert floating enforcing - aggregator: fix iteration direction in skip_buffers - sparsefile: fix possible crash when seeking - baseparse: cache fix - baseparse: fix memory leak when subclass skips whole input buffer - baseparse: Set the private duration before posting a duration-changed message - basetransform: allow not passthrough if generate_output is implemented - identity: Fix a minor leak using meta_str - queue: protect against lost wakeups for iterm_del condition - queue2: Avoid races when posting buffering messages - queue2: Fix missing/dropped buffering messages at startup - identity: Unblock condition variable on FLUSH_START - check: Use `g_thread_yield()` instead of `g_usleep(1)` - tests: use cpu_family for arch checks - gst-launch: Follow up to missing `s/g_print/gst_print/g` - gst-inspect: Add define guard for `g_log_writer_supports_color()` - gst-launch: go back down to `GST_STATE_NULL` in one step. - device-monitor: list hidden providers before listing devices - autotools build fixes for GNU make 4.3 gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255): - deinterlace: on-the-fly renegotiation - flacenc: Pass audio info from set_format() to query_total_samples() explicitly - flacparse: fix broken reordering of flac metadata - jack: Use jack_free(3) to release ports - jpegdec: check buffer size before dereferencing - pulse: fix discovery of newly added devices - qtdemux fuzzing fixes - qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now - qtdemux: Specify REDIRECT information in error message - rtpbin: fix shutdown crash in rtpbin - rtpsession: rename RTCP thread - rtpvp8pay, rtpvp9pay: fix caps leak in set_caps() - rtpjpegdepay: outputs framed jpeg - rtpjitterbuffer: Properly free internal packets queue in finalize() - rtspsrc: Don't return TRUE for unhandled query - rtspsrc: Avoid stack overflow recursing waiting for response - rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property - rtspsrc: Error out when failling to receive message response - rtspsrc: Fix for segmentation fault when handling set/get_parameter requests - speex: Fix crash on Windows caused by cross-CRT issue - speexdec: Crash when stopping the pipeline - splitmuxsrc: Properly stop the loop if no part reader is present - use gst_element_class_set_metadata when passing dynamic strings - v4l2videodec: Increase internal bitstream pool size - v4l2: fix crash when handling unsupported video format - videocrop: allow properties to be animated by GstController - videomixer: Don't leak peer caps - vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD - wavenc: Fix writing of the channel mask with >2 channels gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255): - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audiobuffersplit: Specify in the template caps that only interleaved audio is supported - audiobuffersplit: Unset DISCONT flag if not discontinuous - autoconvert: Fix lock-less exchange or free condition - autoconvert: fix compiler warnings with g_atomic on recent GLib versions - avfvideosrc: element requests camera permissions even with capture-screen property is true - codecparsers: h264parser: guard against ref_pic_markings overflow - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated - dtls/connection: fix EOF handling with openssl 1.1.1e - fdkaacdec: add support for mpegversion=2 - hls: Check nettle version to ensure AES128 support - ipcpipeline: Rework compiler checks - interlace: Increment phase_index before checking if we're at the end of the phase - lv2: Make it build with -fno-common - h264parser: Do not allocate too large size of memory for registered user data SEI - ladspa: fix unbounded integer properties - modplug: avoid division by zero - msdkdec: Fix GstMsdkContext leak - msdkenc: fix leaks on windows - musepackdec: Don't fail all queries if no sample rate is known yet - openslessink: Allow openslessink to handle 48kHz streams. - opencv: allow compilation against 4.2.x - proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc - vulkan: Drop use of VK_RESULT_BEGIN_RANGE - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset - wasapi: Fix possible deadlock while downwards state change - waylandsink: Clear window when pipeline is stopped - webrtc: Support non-trickle ICE candidates in the SDP - webrtc: Unmap all non-binary buffers received via the datachannel - meson: build with neon 0.31 - Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch - h264parser: guard against ref_pic_markings overflow (bsc#1181255 CVE-2021-3185) - Disable the kate/libtiger plugin. Kate streams for karaoke are not used anymore, and the source tarball for libtiger is no longer available upstream. (jsc#SLE-13843) gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255): + x264enc: corrected em_data value in CEA-708 CC SEI message gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255): - audioaggregator: Check all downstream allowed caps structures if they support the upstream rate - audioaggregator: Fix negotiation with downstream if there is no peer yet - audioencoder: fix segment event leak - discoverer: Fix caps handling in `pad-added` signal handler - discoverer: Start discovering next URI from right thread - fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things - gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify) - gl/display/egl: ensure debug category is initialized - gstglwindow_x11: fix resize - pbutils: Add latest H.264 level values - rtpbuffer: fix header extension length validation - video: Fix NV12_64Z32 number of component - video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5 - video: fix top/bottom field flags - videodecoder: don't copy interlace-mode from reference state - appsrc/appsink: Make setting/replacing callbacks thread-safe - compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU - decodebin3: only force streams-selected seqnum after a select-streams - glupload: Fix fallback from direct dmabuf to dmabuf upload method - glvideomixer: perform `_get_highest_precision()` on the GL thread - libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings - oggstream: Workaround for broken PAR in VP8 BOS - subparse: accept WebVTT timestamps without an hour component - playbin: Handle error message with redirection indication - textrender: Fix AYUV output. - typefind: Consider MPEG-PS PSM to be a PES type - uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time - videoaggregator: Don't configure NULL chroma-site/colorimetry - videorate/videoscale/audioresample: Ensure that the caps returned from... - build: Replace bashisms in configure for Wayland and GLES3 Important SUSE bug 1181255 CVE-2021-3185 at SUSE CVE-2021-3185 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - (CVE-2021-3509) fix cookie injection issue (bsc#1186021) - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020) - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619) Important SUSE bug 1185619 SUSE bug 1186020 SUSE bug 1186021 CVE-2021-3509 at SUSE CVE-2021-3509 at NVD CVE-2021-3524 at SUSE CVE-2021-3524 at NVD CVE-2021-3531 at SUSE CVE-2021-3531 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 at SUSE CVE-2021-3560 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). Moderate SUSE bug 1179805 SUSE bug 1184505 CVE-2020-29651 at SUSE CVE-2020-29651 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - Move upstreamed media fixes into sorted section - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - Revert 'arm64: vdso: Fix compilation with clang older than 8' (git-fixes). - Revert 'gdrom: fix a memory leak bug' (git-fixes). - Revert 'i3c master: fix missing destroy_workqueue() on error in i3c_master_register' (git-fixes). - Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes). - Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - lpfc: Decouple port_template and vport_template (bsc#185032). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net: enetc: fix link error again (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: sanitize KATO setting (bsc#1179825). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - sctp: delay auto_asconf init until binding the first addr (&lt;cover.1620748346.git.mkubecek@suse.cz>). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - tcp: fix to update snd_wl1 in bulk receiver fast path (&lt;cover.1620748346.git.mkubecek@suse.cz>). - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - vrf: fix a comment about loopback device (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). Important SUSE bug 1087082 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1164648 SUSE bug 1177666 SUSE bug 1178378 SUSE bug 1178418 SUSE bug 1178612 SUSE bug 1179519 SUSE bug 1179825 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1182257 SUSE bug 1182378 SUSE bug 1182999 SUSE bug 1183346 SUSE bug 1183868 SUSE bug 1183873 SUSE bug 1183932 SUSE bug 1183947 SUSE bug 1183976 SUSE bug 1184081 SUSE bug 1184082 SUSE bug 1184259 SUSE bug 1184611 SUSE bug 1184855 SUSE bug 1185428 SUSE bug 1185495 SUSE bug 1185497 SUSE bug 1185589 SUSE bug 1185606 SUSE bug 1185642 SUSE bug 1185645 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185758 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185861 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185950 SUSE bug 1185982 SUSE bug 1185987 SUSE bug 1185988 SUSE bug 1186060 SUSE bug 1186061 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186285 SUSE bug 1186320 SUSE bug 1186390 SUSE bug 1186416 SUSE bug 1186439 SUSE bug 1186441 SUSE bug 1186451 SUSE bug 1186460 SUSE bug 1186479 SUSE bug 1186484 SUSE bug 1186498 SUSE bug 1186501 SUSE bug 1186573 SUSE bug 1186681 CVE-2020-24586 at SUSE CVE-2020-24586 at NVD CVE-2020-24587 at SUSE CVE-2020-24587 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-26139 at SUSE CVE-2020-26139 at NVD CVE-2020-26141 at SUSE CVE-2020-26141 at NVD CVE-2020-26145 at SUSE CVE-2020-26145 at NVD CVE-2020-26147 at SUSE CVE-2020-26147 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-33034 at SUSE CVE-2021-33034 at NVD CVE-2021-33200 at SUSE CVE-2021-33200 at NVD CVE-2021-3491 at SUSE CVE-2021-3491 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: - CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681) - CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380) - Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) - QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290) - Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785): - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975) Important SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1175534 SUSE bug 1176681 SUSE bug 1178683 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1179484 SUSE bug 1182846 SUSE bug 1182975 SUSE bug 1183979 SUSE bug 1186290 CVE-2019-15890 at SUSE CVE-2019-15890 at NVD CVE-2020-10756 at SUSE CVE-2020-10756 at NVD CVE-2020-14364 at SUSE CVE-2020-14364 at NVD CVE-2020-25085 at SUSE CVE-2020-25085 at NVD CVE-2020-25707 at SUSE CVE-2020-25707 at NVD CVE-2020-25723 at SUSE CVE-2020-25723 at NVD CVE-2020-29129 at SUSE CVE-2020-29129 at NVD CVE-2020-29130 at SUSE CVE-2020-29130 at NVD CVE-2020-8608 at SUSE CVE-2020-8608 at NVD CVE-2021-20257 at SUSE CVE-2021-20257 at NVD CVE-2021-3419 at SUSE CVE-2021-3419 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 at SUSE CVE-2021-31535 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942). The following non-security bugs were fixed: - ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes). - ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes). - ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes). - ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes). - ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes). - ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes). - ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes). - ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes). - ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes). - ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes). - ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes). - ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes). - ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes). - ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes). - ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes). - ALSA: usb-audio: DJM-750: ensure format is set (git-fixes). - ALSA: usb-audio: Explicitly set up the clock selector (git-fixes). - ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes). - ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes). - ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes). - arm: dts: add imx7d pcf2127 fix to blacklist - ASoC: ak5558: correct reset polarity (git-fixes). - ASoC: ak5558: Fix s/show/slow/ typo (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes). - ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes). - ASoC: SOF: Intel: HDA: fix core status verification (git-fixes). - ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes). - ata: libahci_platform: fix IRQ check (git-fixes). - ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes). - ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes). - backlight: journada720: Fix Wmisleading-indentation warning (git-fixes). - blkcg: fix memleak for iolatency (git-fixes). - block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838). - block: recalculate segment count for multi-segment discards correctly (bsc#1184724). - block: rsxx: select CONFIG_CRC32 (git-fixes). - bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes). - bnxt_en: reverse order of TX disable and carrier off (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518). - bsg: free the request before return error code (git-fixes). - btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549). - btrfs: fix race between swap file activation and snapshot creation (bsc#1185587). - btrfs: fix race between writes to swap files and scrub (bsc#1185586). - btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549). - bus: qcom: Put child node before return (git-fixes). - cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes). - clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes). - clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes). - clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes). - clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes). - clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes). - clk: uniphier: Fix potential infinite loop (git-fixes). - clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes). - coresight: etm4x: Fix issues on trcseqevr access (git-fixes). - coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes). - coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes). - cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes). - cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes). - cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes). - cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes). - cpufreq: Kconfig: fix documentation links (git-fixes). - crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes). - crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes). - cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes). - cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes). - dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes). - dm: eliminate potential source of excessive kernel log noise (git-fixes). - dm era: Fix bitset memory leaks (git-fixes). - dm era: only resize metadata in preresume (git-fixes). - dm era: Recover committed writeset after crash (git-fixes). - dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes). - dm era: Use correct value size in equality function of writeset tree (git-fixes). - dm era: Verify the data block size hasn't changed (git-fixes). - dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes). - dm integrity: fix error reporting in bitmap mode after creation (git-fixes). - dm ioctl: fix error return code in target_message (git-fixes). - dm mpath: fix racey management of PG initialization (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - dm raid: fix discard limits for raid1 (git-fixes). - dm: remove invalid sparse __acquires and __releases annotations (git-fixes). - dm writecache: fix the maximum number of arguments (git-fixes). - dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes). - dm writecache: remove BUG() and fail gracefully instead (git-fixes). - dm zoned: select CONFIG_CRC32 (git-fixes). - dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes). - dpaa_eth: Use random MAC address when none is given (bsc#1184811). - drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes). - drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes). - drm/ast: Add 25MHz refclk support (bsc#1174416). - drm/ast: Add support for 1152x864 mode (bsc#1174416). - drm/ast: Add support for AIP200 (bsc#1174416). - drm/ast: AST2500 fixups (bsc#1174416). - drm/ast: Correct mode table for AST2500 precatch (bsc#1174416). - drm/ast: Disable screen on register init (bsc#1174416). - drm/ast: Disable VGA decoding while driver is active (bsc#1174416). - drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416). - drm/ast: Fix P2A config detection (bsc#1174416). - drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416). - drm/ast: Keep MISC fields when enabling VGA (bsc#1174416). - drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes). - drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes). - drm/msm: Fix a5xx/a6xx timestamps (git-fixes). - drm/omap: fix misleading indentation in pixinc() (git-fixes). - drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes). - drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes). - e1000e: add rtnl_lock() to e1000_reset_task (git-fixes). - e1000e: Fix duplicate include guard (git-fixes). - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes). - enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes). - enetc: Workaround for MDIO register access issue (git-fixes). - ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes). - ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730). - ext4: find old entry again if failed to rename whiteout (bsc#1184742). - ext4: fix potential error in ext4_do_update_inode (bsc#1184731). - ext4: fix potential htree index checksum corruption (bsc#1184728). - firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes). - fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851). - fotg210-udc: Complete OUT requests on short packets (git-fixes). - fotg210-udc: Do not DMA more than the buffer can take (git-fixes). - fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes). - fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes). - fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes). - fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes). - fs: direct-io: fix missing sdio->boundary (bsc#1184736). - fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741). - fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811). - fsl/fman: tolerate missing MAC address in device tree (bsc#1184811). - gpio: omap: Save and restore sysconfig (git-fixes). - gpio: sysfs: Obey valid_mask (git-fixes). - HID: alps: fix error return code in alps_input_configured() (git-fixes). - HID: google: add don USB id (git-fixes). - HID: plantronics: Workaround for double volume key presses (git-fixes). - HID: wacom: Assign boolean values to a bool variable (git-fixes). - HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes). - i2c: cadence: add IRQ check (git-fixes). - i2c: emev2: add IRQ check (git-fixes). - i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: jz4780: add IRQ check (git-fixes). - i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes). - i40e: Added Asym_Pause to supported link modes (git-fixes). - i40e: Add zero-initialization of AQ command structures (git-fixes). - i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes). - i40e: Fix add TC filter for IPv6 (git-fixes). - i40e: Fix display statistics for veb_tc (git-fixes). - i40e: Fix endianness conversions (git-fixes). - i40e: Fix flow for IPv6 next header (extension header) (git-fixes). - i40e: Fix kernel oops when i40e driver removes VF's (git-fixes). - i40e: Fix overwriting flow control settings during driver loading (git-fixes). - i40e: Fix sparse errors in i40e_txrx.c (git-fixes). - i40e: Fix sparse warning: missing error code 'err' (git-fixes). - i40e: fix the panic when running bpf in xdpdrv mode (git-fixes). - ibmvnic: avoid calling napi_disable() twice (bsc#1065729). - ibmvnic: clean up the remaining debugfs data structures (bsc#1065729). - ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes). - ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes). - ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes). - ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729). - ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729). - ice: Account for port VLAN in VF max packet size calculation (git-fixes). - ice: Cleanup fltr list in case of allocation issues (git-fixes). - ice: Fix for dereference of NULL pointer (git-fixes). - ice: Increase control queue timeout (git-fixes). - ice: prevent ice_open and ice_stop during reset (git-fixes). - igb: check timestamp validity (git-fixes). - igb: Fix duplicate include guard (git-fixes). - igc: Fix Pause Frame Advertising (git-fixes). - igc: Fix Supported Pause Frame Link Setting (git-fixes). - igc: reinit_locked() should be called with rtnl_lock (git-fixes). - iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: i8042 - fix Pegatron C15B ID entry (git-fixes). - Input: nspire-keypad - enable interrupts only when opened (git-fixes). - Input: s6sy761 - fix coordinate read bit shift (git-fixes). - interconnect: core: fix error return code of icc_link_destroy() (git-fixes). - iopoll: introduce read_poll_timeout macro (git-fixes). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes). - irqchip: Add support for Layerscape external interrupt lines (bsc#1185233). - irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233). - irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233). - isofs: release buffer head before return (bsc#1182613). - ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes). - jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740). - kABI: cover up change in struct kvm_arch (bsc#1184969). - kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426). - kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489). - KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395). - KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395). - libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269). - libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269). - libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes). - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes). - liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes). - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041). - mac80211: bail out if cipher schemes are invalid (git-fixes). - mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes). - macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes). - media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes). - media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes). - media: mantis: remove orphan mantis_core.c (git-fixes). - media: omap4iss: return error code when omap4iss_get() failed (git-fixes). - media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes). - media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes). - media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes). - media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes). - media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes). - memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes). - memory: pl353: fix mask of ECC page_size config register (git-fixes). - mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes). - mfd: stm32-timers: Avoid clearing auto reload register (git-fixes). - misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes). - misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes). - mmc: core: Correct descriptions in mmc_of_parse() (git-fixes). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes). - mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes). - mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes). - mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes). - mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes). - mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes). - mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes). - mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes). - mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes). - Move upstreamed i915 fix into sorted section - mt7601u: fix always true expression (git-fixes). - mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes). - mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes). - mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes). - mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes). - mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes). - mtd: require write permissions for locking and badblock ioctls (git-fixes). - mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes). - mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260). - mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260). - nbd: fix a block_device refcount leak in nbd_release (git-fixes). - net: atlantic: fix out of range usage of active_vlans array (git-fixes). - net: atlantic: fix potential error handling (git-fixes). - net: atlantic: fix use after free kasan warn (git-fixes). - net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes). - net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes). - net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes). - net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes). - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes). - net: hns3: clear VF down state bit before request link status (git-fixes). - net: hns3: fix bug when calculating the TCAM table info (git-fixes). - net: hns3: fix query vlan mask value error for flow director (git-fixes). - net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes). - net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes). - net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes). - net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes). - net/mlx5: Do not request more than supported EQs (git-fixes). - net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes). - net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes). - net/mlx5e: Fix ethtool indication of connector type (git-fixes). - net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464). - net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: phy: marvell: fix m88e1011_set_downshift (git-fixes). - net: phy: marvell: fix m88e1111_set_downshift (git-fixes). - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes). - net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes). - net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes). - nfc: pn533: prevent potential memory corruption (git-fixes). - nfp: flower: ignore duplicate merge hints from FW (git-fixes). - node: fix device cleanups in error handling code (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - nvme-fabrics: reject I/O to offline device (bsc#1181161). - nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161). - ocfs2: fix a use after free on error (bsc#1184738). - pata_arasan_cf: fix IRQ check (git-fixes). - pata_ipx4xx_cf: fix IRQ check (git-fixes). - PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426). - PCI/AER: Add RCEC AER error injection support (bsc#1174426). - PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426). - PCI/AER: Specify the type of Port that was reset (bsc#1174426). - PCI/AER: Use 'aer' variable for capability offset (bsc#1174426). - PCI/AER: Write AER Capability only when we control it (bsc#1174426). - PCI: designware-ep: Fix the Header Type check (git-fixes). - PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426). - PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426). - PCI/ERR: Avoid negated conditional for clarity (bsc#1174426). - PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426). - PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426). - PCI/ERR: Clear AER status only when we control AER (bsc#1174426). - PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426). - PCI/ERR: Clear status of the reporting device (bsc#1174426). - PCI/ERR: Recover from RCEC AER errors (bsc#1174426). - PCI/ERR: Recover from RCiEP AER errors (bsc#1174426). - PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426). - PCI/ERR: Retain status from error notification (bsc#1174426). - PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426). - PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426). - PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426). - PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426). - PCI/portdrv: Report reset for frozen channel (bsc#1174426). - PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes). - PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes). - phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes). - pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes). - pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes). - platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes). - PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes). - powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957). - powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes). - powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729). - powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395). - powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637). - powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969). - powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969). - powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729). - powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729). - powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917). - powerpc/time: Enable sched clock for irqtime (bsc#1156395). - regmap: set debugfs_name to NULL after it is freed (git-fixes). - regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes). - reintroduce cqhci_suspend for kABI (git-fixes). - reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737). - rpm/constraints.in: bump disk space to 45GB on riscv64 - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - rsi: Use resume_noirq for SDIO (git-fixes). - rsxx: remove extraneous 'const' qualifier (git-fixes). - rtc: ds1307: Fix wday settings for rx8130 (git-fixes). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454). - rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454). - rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454). - rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454). - rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454). - rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454). - rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454). - rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454). - rtc: pcf2127: add alarm support (bsc#1185233). - rtc: pcf2127: add pca2129 device id (bsc#1185233). - rtc: pcf2127: add tamper detection support (bsc#1185233). - rtc: pcf2127: add watchdog feature support (bsc#1185233). - rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233). - rtc: pcf2127: cleanup register and bit defines (bsc#1185233). - rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233). - rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233). - rtc: pcf2127: fix alarm handling (bsc#1185233). - rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233). - rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233). - rtc: pcf2127: let the core handle rtc range (bsc#1185233). - rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233). - rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233). - rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233). - rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233). - rtc: pcf2127: set regmap max_register (bsc#1185233). - rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233). - rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes). - rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes). - sata_mv: add IRQ checks (git-fixes). - scsi: block: Fix a race in the runtime power management code (git-fixes). - scsi: core: add scsi_host_busy_iter() (bsc#1179851). - scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851). - scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472). - scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472). - scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472). - scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472). - scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472). - scsi: lpfc: Fix a typo (bsc#1185472). - scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472). - scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365). - scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472). - scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472). - scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203). - scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472). - scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472). - scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472). - scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472). - scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472). - scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472). - scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472). - scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472). - scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472). - scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472). - scsi: lpfc: Fix some error codes in debugfs (bsc#1185472). - scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472). - scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472). - scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472). - scsi: lpfc: Standardize discovery object logging format (bsc#1185472). - scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472). - scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491). - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491). - scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491). - scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491). - scsi: qla2xxx: Check kzalloc() return value (bsc#1185491). - scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491). - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491). - scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491). - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491). - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491). - scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491). - scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491). - scsi: qla2xxx: Fix broken #endif placement (bsc#1185491). - scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491). - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491). - scsi: qla2xxx: Fix endianness annotations (bsc#1185491). - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491). - scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491). - scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491). - scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491). - scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491). - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491). - scsi: qla2xxx: Fix some memory corruption (bsc#1185491). - scsi: qla2xxx: Fix stuck session (bsc#1185491). - scsi: qla2xxx: Fix use after free in bsg (bsc#1185491). - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491). - scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491). - scsi: qla2xxx: Remove redundant NULL check (bsc#1185491). - scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491). - scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491). - scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491). - scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436). - scsi: qla2xxx: Reuse existing error handling path (bsc#1185491). - scsi: qla2xxx: Simplify if statement (bsc#1185491). - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491). - scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491). - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491). - scsi: qla2xxx: Update default AER debug mask (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491). - scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491). - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491). - scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089). - scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089). - scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089). - selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460). - selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460). - selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460). - selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460). - selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460). - selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460). - selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460). - soc: aspeed: fix a ternary sign expansion bug (git-fixes). - soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes). - soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes). - soundwire: bus: Fix device found flag correctly (git-fixes). - soundwire: stream: fix memory leak in stream config error path (git-fixes). - spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260). - spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260). - spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes). - spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260). - spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260). - spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260). - spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260). - spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260). - spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260). - spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260). - spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260). - spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260). - spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260). - spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260). - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Fix code alignment (bsc#1167260). - spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260). - spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260). - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260). - spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260). - spi: spi-fsl-dspi: fix native data copy (bsc#1167260). - spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260). - spi: spi-fsl-dspi: Fix typos (bsc#1167260). - spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260). - spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260). - spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260). - spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260). - spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260). - spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260). - spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260). - spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260). - spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260). - spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260 - spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260). - spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260). - spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260). - spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260). - spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260). - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260). - spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260). - spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260). - spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260). - spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260). - spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260). - spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260). - spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260). - spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260). - spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260). - spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260). - spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260). - spi: spi-ti-qspi: Free DMA resources (git-fixes). - staging: fwserial: fix TIOCGSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL implementation (git-fixes). - staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes). - staging: fwserial: fix TIOCSSERIAL permission check (git-fixes). - staging: rtl8192u: Fix potential infinite loop (git-fixes). - usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984). - usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes). - usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes). - usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes). - usb: dwc2: Fix hibernation between host and device modes (git-fixes). - usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes). - usb: dwc2: Fix session request interrupt handler (git-fixes). - usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes). - usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: Switch to use device_property_count_u32() (git-fixes). - usb: gadget: aspeed: fix dma map failure (git-fixes). - usb: gadget: Fix double free of device descriptor pointers (git-fixes). - usb: gadget: pch_udc: Check for DMA mapping error (git-fixes). - usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes). - usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes). - usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes). - usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes). - usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes). - usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - usb: Remove dev_err() usage after platform_get_irq() (git-fixes). - usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: fix return value for unsupported ioctls (git-fixes). - usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes). - usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes). - usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes). - usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes). - usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes). - veth: Store queue_mapping independently of XDP prog presence (git-fixes). - vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes). - virt_wifi: Return micros for BSS TSF values (git-fixes). - vxlan: move debug check after netdev unregister (git-fixes). - workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893). - x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489). - x86/insn: Add some Intel instructions to the opcode map (bsc#1184760). - x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760). - x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489). - x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489). - x86/platform/uv: Set section block size for hubless architectures (bsc#1152489). - x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489). Important SUSE bug 1043990 SUSE bug 1055117 SUSE bug 1065729 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1167260 SUSE bug 1167574 SUSE bug 1168838 SUSE bug 1174416 SUSE bug 1174426 SUSE bug 1175995 SUSE bug 1178089 SUSE bug 1179243 SUSE bug 1179851 SUSE bug 1180846 SUSE bug 1181161 SUSE bug 1182613 SUSE bug 1183063 SUSE bug 1183203 SUSE bug 1183289 SUSE bug 1184208 SUSE bug 1184209 SUSE bug 1184436 SUSE bug 1184485 SUSE bug 1184514 SUSE bug 1184585 SUSE bug 1184650 SUSE bug 1184724 SUSE bug 1184728 SUSE bug 1184730 SUSE bug 1184731 SUSE bug 1184736 SUSE bug 1184737 SUSE bug 1184738 SUSE bug 1184740 SUSE bug 1184741 SUSE bug 1184742 SUSE bug 1184760 SUSE bug 1184811 SUSE bug 1184893 SUSE bug 1184934 SUSE bug 1184942 SUSE bug 1184957 SUSE bug 1184969 SUSE bug 1184984 SUSE bug 1185041 SUSE bug 1185113 SUSE bug 1185233 SUSE bug 1185244 SUSE bug 1185269 SUSE bug 1185365 SUSE bug 1185454 SUSE bug 1185472 SUSE bug 1185491 SUSE bug 1185549 SUSE bug 1185586 SUSE bug 1185587 CVE-2021-29155 at SUSE CVE-2021-29155 at NVD CVE-2021-29650 at SUSE CVE-2021-29650 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) Moderate SUSE bug 1186015 CVE-2021-3541 at SUSE CVE-2021-3541 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) Important SUSE bug 1181686 CVE-2021-20201 at SUSE CVE-2021-20201 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 at SUSE CVE-2020-24489 at NVD CVE-2020-24511 at SUSE CVE-2020-24511 at NVD CVE-2020-24512 at SUSE CVE-2020-24512 at NVD CVE-2020-24513 at SUSE CVE-2020-24513 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594) * Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476). * CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732) * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730). * btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081) runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962). * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821). * Fixed /dev/null is not available (bsc#1168481). * CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405). containerd was updated to v1.4.4 * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397). * Handle a requirement from docker (bsc#1181594). Important SUSE bug 1168481 SUSE bug 1175081 SUSE bug 1175821 SUSE bug 1181594 SUSE bug 1181641 SUSE bug 1181677 SUSE bug 1181730 SUSE bug 1181732 SUSE bug 1181749 SUSE bug 1182451 SUSE bug 1182476 SUSE bug 1182947 SUSE bug 1183024 SUSE bug 1183855 SUSE bug 1184768 SUSE bug 1184962 SUSE bug 1185405 CVE-2021-21284 at SUSE CVE-2021-21284 at NVD CVE-2021-21285 at SUSE CVE-2021-21285 at NVD CVE-2021-21334 at SUSE CVE-2021-21334 at NVD CVE-2021-30465 at SUSE CVE-2021-30465 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libjpeg-turbo fixes the following issues: - CVE-2020-17541: Fixed a stack-based buffer overflow in the 'transform' component (bsc#1186764). Moderate SUSE bug 1186764 CVE-2020-17541 at SUSE CVE-2020-17541 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382) - Always require `python3-distro` (bsc#1182293) - Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing - Fix pkg states when DEB package has 'all' arch - Do not force beacons configuration to be a list. - Remove msgpack < 1.0.0 from base requirements (bsc#1176293) - msgpack support for version >= 1.0.0 (bsc#1171257) - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18033) - Improvements on 'ansiblegate' module (bsc#1185092): * New methods: ansible.targets / ansible.discover_playbooks - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Regression fix of salt-ssh on processing targets - Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281) - Add notify beacon for Debian/Ubuntu systems - Fix zmq bug that causes salt-call to freeze (bsc#1181368) Critical SUSE bug 1171257 SUSE bug 1176293 SUSE bug 1179831 SUSE bug 1181368 SUSE bug 1182281 SUSE bug 1182293 SUSE bug 1182382 SUSE bug 1185092 SUSE bug 1185281 SUSE bug 1186674 CVE-2018-15750 at SUSE CVE-2018-15750 at NVD CVE-2018-15751 at SUSE CVE-2018-15751 at NVD CVE-2020-11651 at SUSE CVE-2020-11651 at NVD CVE-2020-11652 at SUSE CVE-2020-11652 at NVD CVE-2020-25592 at SUSE CVE-2020-25592 at NVD CVE-2021-25315 at SUSE CVE-2021-25315 at NVD CVE-2021-31607 at SUSE CVE-2021-31607 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 at SUSE CVE-2021-3580 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) Important SUSE bug 1186151 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 at SUSE CVE-2021-33560 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. Moderate SUSE bug 1175448 SUSE bug 1175449 CVE-2020-24370 at SUSE CVE-2020-24370 at NVD CVE-2020-24371 at SUSE CVE-2020-24371 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111) - CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062) - CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060) - CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). - CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859). - CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862). - CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859). - CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861) - CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860) - CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987) The following non-security bugs were fixed: - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: intel8x0: Do not update period unless prepared (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes). - ALSA: usb-audio: fix control-request direction (git-fixes). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes). - ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes). - ARM64: vdso32: Install vdso32 from vdso_install (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: check for zapped sk before connecting (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes). - Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725). - Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725). - Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - KVM: s390: fix guarded storage control register handling (bsc#1133021). - Move upstreamed media fixes into sorted section - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes). - PCI: Allow VPD access for QLogic ISP2722 (git-fixes). - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - PCI: Release OF node in pci_scan_device()'s error path (git-fixes). - PCI: endpoint: Fix missing destroy_workqueue() (git-fixes). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes). - PCI: thunder: Fix compile testing (git-fixes). - PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes). - RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346). - RDMA/hns: Delete redundant abnormal interrupt status (git-fixes). - RDMA/hns: Delete redundant condition judgment related to eq (git-fixes). - RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215). - RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: serial: pl2303: add support for PL2303HXN (bsc#1186320). - USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320). - USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - amdgpu: avoid incorrect %hu format string (git-fixes). - arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes). - arm64: avoid -Woverride-init warning (git-fixes). - arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes). - arm64: kdump: update ppos when reading elfcorehdr (git-fixes). - arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes). - arm64: link with -z norelro for LLD or aarch64-elf (git-fixes). - arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes). - arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes). - arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes). - arm64: vdso32: make vdso32 install conditional (git-fixes). - arm: mm: use __pfn_to_section() to get mem_section (git-fixes). - ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes). - blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes). - block/genhd: use atomic_t for disk_event->block (bsc#1185497). - block: Fix three kernel-doc warnings (git-fixes). - block: fix get_max_io_size() (git-fixes). - bnxt_en: Fix RX consumer index logic in the error path (git-fixes). - bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes). - bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518). - bpf: Fix masking negation logic upon negative dst register (bsc#1155518). - btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441). - btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439). - cdc-wdm: untangle a circular dependency between callback and softint (git-fixes). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes). - cdrom: gdrom: initialize global variable at init time (git-fixes). - ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501). - ceph: fix up error handling with snapdirs (bsc#1186501). - ceph: only check pool permissions for regular files (bsc#1186501). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758). - crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes). - crypto: mips/poly1305 - enable for all MIPS processors (git-fixes). - crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes). - crypto: qat - Fix a double free in adf_create_ring (git-fixes). - crypto: qat - do not release uninitialized resources (git-fixes). - crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes). - crypto: qat - fix unmap invalid dma address (git-fixes). - crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes). - crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes). - cxgb4: Fix unintentional sign extension issues (git-fixes). - dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes). - dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes). - docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes). - docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes). - drivers: hv: Fix whitespace errors (bsc#1185725). - drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes). - drm/amd/display: Fix two cursor duplication when using overlay (git-fixes). - drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes). - drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes). - drm/amd/display: fix dml prefetch validation (git-fixes). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes). - drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes). - drm/i915: Avoid div-by-zero on gen2 (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - drm/radeon: Avoid power table parsing memory leaks (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/vkms: fix misuse of WARN_ON (git-fixes). - drm: Added orientation quirk for OneGX1 Pro (git-fixes). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - extcon: arizona: Fix various races on driver unbind (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes). - fs/epoll: restore waking from ep_done_scan() (bsc#1183868). - ftrace: Handle commands when closing set_ftrace_filter file (git-fixes). - futex: Change utime parameter to be 'const ... *' (git-fixes). - futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648). - futex: Get rid of the val2 conditional dance (git-fixes). - futex: Make syscall entry points less convoluted (git-fixes). - genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes) - genirq: Disable interrupts for force threaded handlers (git-fixes) - genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - hrtimer: Update softirq_expires_next correctly after (git-fixes) - hwmon: (occ) Fix poll rate limiting (git-fixes). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes). - i2c: bail out early when RDWR parameters are wrong (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes). - i40e: Fix use-after-free in i40e_client_subtask() (git-fixes). - i40e: fix broken XDP support (git-fixes). - i40e: fix the restart auto-negotiation after FEC modified (git-fixes). - ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043). - ibmvfc: Handle move login failure (bsc#1185938 ltc#192043). - ibmvfc: Reinit target retries (bsc#1185938 ltc#192043). - ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes). - ics932s401: fix broken handling of errors when word reading fails (git-fixes). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: fxas21002c: balance runtime power in error path (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482). - ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988). - ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855). - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#1162702). - lpfc: Decouple port_template and vport_template (bsc#185032). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md-cluster: fix use-after-free issue when removing rdev (bsc#1184082). - md/raid1: properly indicate failure when ending a failed write request (bsc#1185680). - md: do not flush workqueue unconditionally in md_open (bsc#1184081). - md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081). - md: md_open returns -EBUSY when entering racing area (bsc#1184081). - md: split mddev_find (bsc#1184081). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes). - media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes). - media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes). - mfd: arizona: Fix rumtime PM imbalance on error (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes). - mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606). - mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes). - mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes). - mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes). - mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes). - net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes). - net: enetc: fix link error again (git-fixes). - net: hns3: Fix for geneve tx checksum bug (git-fixes). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes). - net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes). - net: hns3: fix for vxlan gpe tx checksum bug (git-fixes). - net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes). - net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes). - net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes). - net: thunderx: Fix unintentional sign extension issue (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net: xfrm: Localize sequence counter per network namespace (bsc#1185696). - net: xfrm: Use sequence counter with associated spinlock (bsc#1185696). - netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes). - netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950). - netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950). - netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950). - nvme-core: add cancel tagset helpers (bsc#1183976). - nvme-fabrics: decode host pathing error for connect (bsc#1179827). - nvme-fc: check sgl supported by target (bsc#1179827). - nvme-fc: clear q_live at beginning of association teardown (bsc#1186479). - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259). - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259). - nvme-fc: short-circuit reconnect retries (bsc#1179827). - nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259). - nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999). - nvme-pci: Remove tag from process cq (git-fixes). - nvme-pci: Remove two-pass completions (git-fixes). - nvme-pci: Simplify nvme_poll_irqdisable (git-fixes). - nvme-pci: align io queue count with allocted nvme_queue in (git-fixes). - nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes). - nvme-pci: dma read memory barrier for completions (git-fixes). - nvme-pci: fix 'slimmer CQ head update' (git-fixes). - nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes). - nvme-pci: remove last_sq_tail (git-fixes). - nvme-pci: remove volatile cqes (git-fixes). - nvme-pci: slimmer CQ head update (git-fixes). - nvme-pci: use simple suspend when a HMB is enabled (git-fixes). - nvme-tcp: Fix possible race of io_work and direct send (git-fixes). - nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes). - nvme-tcp: add clean action for failed reconnection (bsc#1183976). - nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes). - nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes). - nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519). - nvme-tcp: use cancel tagset helper for tear down (bsc#1183976). - nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378). - nvme: add 'kato' sysfs attribute (bsc#1179825). - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259). - nvme: define constants for identification values (git-fixes). - nvme: do not intialize hwmon for discovery controllers (bsc#1184259). - nvme: do not intialize hwmon for discovery controllers (git-fixes). - nvme: document nvme controller states (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378). - nvme: fix controller instance leak (git-fixes). - nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378). - nvme: retrigger ANA log update if group descriptor isn't found (git-fixes) - nvme: sanitize KATO setting (bsc#1179825). - nvme: simplify error logic in nvme_validate_ns() (bsc#1184259). - nvmet: fix a memory leak (git-fixes). - nvmet: seset ns->file when open fails (bsc#1183873). - nvmet: use new ana_log_size instead the old one (bsc#1184259). - nxp-i2c: restore includes for kABI (bsc#1185589). - nxp-nci: add NXP1002 id (bsc#1185589). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pinctrl: ingenic: Improve unreachable code generation (git-fixes). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - posix-timers: Preserve return value in clock_adjtime32() (git-fixes) - power: supply: Use IRQF_ONESHOT (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes). - rtc: pcf2127: handle timestamp interrupts (bsc#1185495). - s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153). - s390/entry: save the caller of psw_idle (bsc#1185677). - s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375). - sched/eas: Do not update misfit status if the task is pinned (git-fixes) - sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes) - sched/fair: Fix unfairness caused by missing load decay (git-fixes) - scripts/git_sort/git_sort.py: add bpf git repo - scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416). - scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851). - scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573). - scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451). - scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451). - scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451). - scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451). - scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451). - scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451). - scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451). - scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451). - scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451). - scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451). - scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451). - scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451). - sctp: delay auto_asconf init until binding the first addr - seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702). - serial: core: fix suspicious security_locked_down() call (git-fixes). - serial: core: return early on unsupported ioctls (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - serial: stm32: fix tx_empty condition (git-fixes). - serial: tegra: Fix a mask operation that is always true (git-fixes). - smc: disallow TCP_ULP in smc_setsockopt() (git-fixes). - spi: ath79: always call chipselect function (git-fixes). - spi: ath79: remove spi-master setup and cleanup assignment (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - tcp: fix to update snd_wl1 in bulk receiver fast path - thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tracing: Map all PIDs to command lines (git-fixes). - tty: amiserial: fix TIOCSSERIAL permission check (git-fixes). - tty: fix memory leak in vc_deallocate (git-fixes). - tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes). - tty: moxa: fix TIOCSSERIAL permission check (git-fixes). - uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes). - uio_hv_generic: Fix a memory leak in error handling paths (git-fixes). - uio_hv_generic: Fix another memory leak in error handling paths (git-fixes). - uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes). - usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes). - usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - usb: dwc2: Fix gadget DMA unmap direction (git-fixes). - usb: dwc3: gadget: Enable suspend events (git-fixes). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes). - usb: dwc3: omap: improve extcon initialization (git-fixes). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes). - usb: fotg210-hcd: Fix an error message (git-fixes). - usb: gadget/function/f_fs string table fix for multiple languages (git-fixes). - usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes). - usb: gadget: f_uac1: validate input parameters (git-fixes). - usb: gadget: f_uac2: validate input parameters (git-fixes). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes). - usb: gadget: uvc: add bInterval checking for HS mode (git-fixes). - usb: musb: fix PM reference leak in musb_irq_work() (git-fixes). - usb: sl811-hcd: improve misleading indentation (git-fixes). - usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes). - usb: xhci: Fix port minor revision (git-fixes). - usb: xhci: Increase timeout for HC halt (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hyperv_fb: Add ratelimit on error message (bsc#1185725). - vrf: fix a comment about loopback device (git-fixes). - watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982). - watchdog/softlockup: report the overall time of softlockups (bsc#1185982). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982). - whitespace cleanup - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911). - workqueue: more destroy_workqueue() fixes (bsc#1185911). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes). - xhci: check control context is valid before dereferencing it (git-fixes). - xhci: fix potential array out of bounds with several interrupters (git-fixes). - xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes). Important SUSE bug 1087082 SUSE bug 1133021 SUSE bug 1152457 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1162702 SUSE bug 1164648 SUSE bug 1176564 SUSE bug 1177666 SUSE bug 1178418 SUSE bug 1178612 SUSE bug 1179827 SUSE bug 1179851 SUSE bug 1182378 SUSE bug 1182999 SUSE bug 1183346 SUSE bug 1183868 SUSE bug 1183873 SUSE bug 1183932 SUSE bug 1183947 SUSE bug 1184081 SUSE bug 1184082 SUSE bug 1184611 SUSE bug 1184855 SUSE bug 1185428 SUSE bug 1185497 SUSE bug 1185589 SUSE bug 1185606 SUSE bug 1185645 SUSE bug 1185677 SUSE bug 1185680 SUSE bug 1185696 SUSE bug 1185703 SUSE bug 1185725 SUSE bug 1185758 SUSE bug 1185859 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1185911 SUSE bug 1185938 SUSE bug 1185987 SUSE bug 1185988 SUSE bug 1186061 SUSE bug 1186285 SUSE bug 1186320 SUSE bug 1186439 SUSE bug 1186441 SUSE bug 1186460 SUSE bug 1186498 SUSE bug 1186501 SUSE bug 1186573 CVE-2020-24586 at SUSE CVE-2020-24586 at NVD CVE-2020-24587 at SUSE CVE-2020-24587 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-26139 at SUSE CVE-2020-26139 at NVD CVE-2020-26141 at SUSE CVE-2020-26141 at NVD CVE-2020-26145 at SUSE CVE-2020-26145 at NVD CVE-2020-26147 at SUSE CVE-2020-26147 at NVD CVE-2021-23134 at SUSE CVE-2021-23134 at NVD CVE-2021-32399 at SUSE CVE-2021-32399 at NVD CVE-2021-33034 at SUSE CVE-2021-33034 at NVD CVE-2021-33200 at SUSE CVE-2021-33200 at NVD CVE-2021-3491 at SUSE CVE-2021-3491 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990) Non-security issues fixed: - Fix testsuite error (bsc#1184574) - Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) - Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574) Moderate SUSE bug 1184574 SUSE bug 1185591 SUSE bug 1185981 SUSE bug 1185990 SUSE bug 1186010 SUSE bug 1187013 CVE-2021-3544 at SUSE CVE-2021-3544 at NVD CVE-2021-3545 at SUSE CVE-2021-3545 at NVD CVE-2021-3546 at SUSE CVE-2021-3546 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) Important SUSE bug 1187105 CVE-2020-35512 at SUSE CVE-2020-35512 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 at SUSE CVE-2015-3414 at NVD CVE-2015-3415 at SUSE CVE-2015-3415 at NVD CVE-2019-19244 at SUSE CVE-2019-19244 at NVD CVE-2019-19317 at SUSE CVE-2019-19317 at NVD CVE-2019-19603 at SUSE CVE-2019-19603 at NVD CVE-2019-19645 at SUSE CVE-2019-19645 at NVD CVE-2019-19646 at SUSE CVE-2019-19646 at NVD CVE-2019-19880 at SUSE CVE-2019-19880 at NVD CVE-2019-19923 at SUSE CVE-2019-19923 at NVD CVE-2019-19924 at SUSE CVE-2019-19924 at NVD CVE-2019-19925 at SUSE CVE-2019-19925 at NVD CVE-2019-19926 at SUSE CVE-2019-19926 at NVD CVE-2019-19959 at SUSE CVE-2019-19959 at NVD CVE-2019-20218 at SUSE CVE-2019-20218 at NVD CVE-2020-13434 at SUSE CVE-2020-13434 at NVD CVE-2020-13435 at SUSE CVE-2020-13435 at NVD CVE-2020-13630 at SUSE CVE-2020-13630 at NVD CVE-2020-13631 at SUSE CVE-2020-13631 at NVD CVE-2020-13632 at SUSE CVE-2020-13632 at NVD CVE-2020-15358 at SUSE CVE-2020-15358 at NVD CVE-2020-9327 at SUSE CVE-2020-9327 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463). - CVE-2020-36385: Fixed a use-after-free via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050). - CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 (bnc#1179610, bnc#1186463). - CVE-2020-36386: Fixed an out-of-bounds read issue in hci_extended_inquiry_result_evt (bnc#1187038). The following non-security bugs were fixed: - acpica: Clean up context mutex during object deletion (git-fixes). - alsa: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes). - alsa: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes). - alsa: timer: Fix master timer notification (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - arch: Add arch-dependent support markers in supported.conf (bsc#1186672) - arch: Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes). - ASoC: max98088: fix ni clock divider calculation (git-fixes). - ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - be2net: Fix an error handling path in 'be_probe()' (git-fixes). - blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195). - block: Discard page cache of zone reset target range (bsc#1187402). - block: return the correct bvec when checking for gaps (bsc#1187143). - block: return the correct bvec when checking for gaps (bsc#1187144). - bluetooth: fix the erroneous flush_work() order (git-fixes). - bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274). - bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274). - bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274). - bpfilter: Specify the log level for the kmsg message (bsc#1155518). - brcmfmac: properly check for bus register errors (git-fixes). - btrfs: open device without device_list_mutex (bsc#1176771). - bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927). - cfg80211: avoid double free of PMSR request (git-fixes). - cfg80211: make certificate generation more robust (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - CPU: Startup failed when SNC (sub-numa cluster) is enabled with 3 NIC add-on cards installed (bsc#1187263). - cxgb4: avoid accessing registers when clearing filters (git-fixes). - cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389). - cxgb4: fix wrong shift (git-fixes). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes). - drm/amd/amdgpu: fix refcount leak (git-fixes). - drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes). - drm/amd/display: Disconnect non-DP with no EDID (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: make sure we unpin the UVD BO (git-fixes). - drm/tegra: sor: Do not leak runtime PM reference (git-fixes). - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886). - fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes). - fs: fix reporting supported extra file attributes for statx() (bsc#1187410). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes). - gpu: Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691) - gve: Add NULL pointer checks when freeing irqs (git-fixes). - gve: Correct SKB queue index validation (git-fixes). - gve: Upgrade memory barrier in poll routine (git-fixes). - HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes). - HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes). - HID: hid-input: add mapping for emoji picker key (git-fixes). - HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes). - HID: i2c-hid: fix format string mismatch (git-fixes). - HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes). - HID: magicmouse: fix NULL-deref on disconnect (git-fixes). - HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes). - HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes). - HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes). - hwmon: (dell-smm-hwmon) Fix index values (git-fixes). - hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes). - ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926). - ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926). - ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - kABI workaround for struct lis3lv02d change (git-fixes). - kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does. - kernel-binary.spec.in: build-id check requires elfutils. - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kyber: fix out of bounds access when preempted (bsc#1187403). - lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493). - libertas: register sysfs groups properly (git-fixes). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: mt9m111: Check write_bridge for timeout (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: mtk-mdp: Check return value of of_clk_get (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes). - module: limit enabling module.sig_enforce (git-fixes). - net/mlx4: Fix EEPROM dump support (git-fixes). - net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes). - net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464). - net/mlx5: Fix PBMC register mapping (git-fixes). - net/mlx5: Fix placement of log_max_flow_counter (git-fixes). - net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes). - net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes). - net/mlx5e: Fix multipath lag activation (git-fixes). - net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes). - net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes). - net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/sched: act_ct: handle DNAT tuple collision (bsc#1154353). - net/x25: Return the correct errno code (git-fixes). - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353). - net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: SUSE specific brutal fix for runtime PM (bsc#1185589). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not discard pNFS layout segments that are marked for return (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Fix use-after-free in nfs4_init_client() (git-fixes). - nfsd: register pernet ops last, unregister first (git-fixes). - NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes). - NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - PCI/LINK: Remove bandwidth notification (bsc#1183712). - PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). - PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes). - PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes). - PCI: Mark TI C667X to avoid bus reset (git-fixes). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes). - perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685). - pid: take a reference when initializing `cad_pid` (bsc#1152489). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes). - PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - radeon: use memcpy_to/fromio for UVD fw upload (git-fixes). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes). - regulator: core: resolve supply for boot-on/always-on regulators (git-fixes). - regulator: max77620: Use device_set_of_node_from_dev() (git-fixes). - Revert 'ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()' (git-fixes). - Revert 'brcmfmac: add a check for the status of usb_register' (git-fixes). - Revert 'char: hpet: fix a missing check of ioremap' (git-fixes). - Revert 'char: hpet: fix a missing check of ioremap' (git-fixes). - Revert 'dmaengine: qcom_hidma: Check for driver register failure' (git-fixes). - Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'isdn: mISDN: Fix potential NULL pointer dereference of kzalloc' (git-fixes). - Revert 'isdn: mISDNinfineon: fix potential NULL pointer dereference' (git-fixes). - Revert 'libertas: add checks for the return value of sysfs_create_group' (git-fixes). - Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes). - Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes). - Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes). - Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes). - Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes). - Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes). - Revert 'media: usb: gspca: add a missed check for goto_low_power' (git-fixes). - Revert 'net: liquidio: fix a NULL pointer dereference' (git-fixes). - Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes). - Revert 'qlcnic: Avoid potential NULL pointer dereference' (git-fixes). - Revert 'scsi: core: run queue if SCSI device queue isn't ready and queue is idle' (bsc#1186949). - Revert 'serial: max310x: pass return value of spi_register_driver' (git-fixes). - Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes). - Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489) - rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796) - rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672) - rpm/split-modules: Avoid errors even if Module.* are not present - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - sched/debug: Fix cgroup_path[] serialization (git-fixes) - sched/fair: Keep load_avg and load_sum synced (git-fixes) - scsi: aacraid: Fix an oops in error handling (bsc#1187072). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954). - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186955). - scsi: bnx2i: Requires MMU (bsc#1186956). - scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959). - scsi: cxgb4i: Fix TLS dependency (bsc#1186960). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962). - scsi: hisi_sas: Fix IRQ checks (bsc#1186963). - scsi: hisi_sas: Remove preemptible() (bsc#1186964). - scsi: jazz_esp: Add IRQ check (bsc#1186965). - scsi: libfc: Fix enum-conversion warning (bsc#1186966). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968). - scsi: lpfc: Fix ancient double free (bsc#1186969). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186970). - scsi: megaraid_sas: Clear affinity hint (bsc#1186971). - scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973). - scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974). - scsi: mesh: Fix panic after host or bus reset (bsc#1186976). - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978). - scsi: mpt3sas: Fix ioctl timeout (bsc#1186979). - scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985). - scsi: qla2xxx: Prevent PRLI in target mode (git-fixes). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186987). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix Opal support (bsc#1186989). - scsi: sni_53c710: Add IRQ check (bsc#1186990). - scsi: sun3x_esp: Add IRQ check (bsc#1186991). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002). - scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992). - scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993). - scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994). - scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795). - SCSI: ufs: fix ktime_t kabi change (bsc#1187795). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998). - scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000). - scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003). - scsi: ufshcd: use an enum for quirks (bsc#1186999). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes). - spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - sunrpc: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Do not stop recording cmdlines when tracing is off (git-fixes). - tracing: Do not stop recording comms if the trace file is being read (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes). - usb: core: reduce power-on-good delay time of root hub (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: core: fix kernel panic when do reboot (git-fixes). - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes). - usb: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadget panics on 10gbps cabling (git-fixes). - usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: eem: fix wrong eem header operation (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes). - usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes). - usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes). - usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - video: hgafb: correctly handle card detect failure during probe (git-fixes). - video: hgafb: fix potential NULL pointer dereference (git-fixes). - vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes). - vrf: fix maximum MTU (git-fixes). - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wireguard: allowedips: initialize list head in selftest (git-fixes). - wireguard: do not use -O3 (git-fixes). - wireguard: peer: allocate in kmem_cache (git-fixes). - wireguard: peer: put frequently used members above cache lines (git-fixes). - wireguard: queueing: get rid of per-peer ring buffers (git-fixes). - wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes). - wireguard: selftests: remove old conntrack kconfig value (git-fixes). - wireguard: use synchronize_net rather than synchronize_rcu (git-fixes). - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489). - x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489). - x86: fix seq_file iteration for pat.c (git-fixes). - xen-blkback: fix compatibility bug with single page rings (git-fixes). - xen-pciback: reconfigure also from backend watch handler (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes). - xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675). - xprtrdma: Avoid Receive Queue wrapping (git-fixes). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes). Important SUSE bug 1152489 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1164648 SUSE bug 1174978 SUSE bug 1176771 SUSE bug 1179610 SUSE bug 1182470 SUSE bug 1183712 SUSE bug 1184212 SUSE bug 1184685 SUSE bug 1185195 SUSE bug 1185486 SUSE bug 1185589 SUSE bug 1185675 SUSE bug 1185677 SUSE bug 1185701 SUSE bug 1186206 SUSE bug 1186463 SUSE bug 1186666 SUSE bug 1186672 SUSE bug 1186752 SUSE bug 1186949 SUSE bug 1186950 SUSE bug 1186951 SUSE bug 1186952 SUSE bug 1186953 SUSE bug 1186954 SUSE bug 1186955 SUSE bug 1186956 SUSE bug 1186957 SUSE bug 1186958 SUSE bug 1186959 SUSE bug 1186960 SUSE bug 1186961 SUSE bug 1186962 SUSE bug 1186963 SUSE bug 1186964 SUSE bug 1186965 SUSE bug 1186966 SUSE bug 1186967 SUSE bug 1186968 SUSE bug 1186969 SUSE bug 1186970 SUSE bug 1186971 SUSE bug 1186972 SUSE bug 1186973 SUSE bug 1186974 SUSE bug 1186976 SUSE bug 1186977 SUSE bug 1186978 SUSE bug 1186979 SUSE bug 1186980 SUSE bug 1186981 SUSE bug 1186982 SUSE bug 1186983 SUSE bug 1186984 SUSE bug 1186985 SUSE bug 1186986 SUSE bug 1186987 SUSE bug 1186988 SUSE bug 1186989 SUSE bug 1186990 SUSE bug 1186991 SUSE bug 1186992 SUSE bug 1186993 SUSE bug 1186994 SUSE bug 1186995 SUSE bug 1186996 SUSE bug 1186997 SUSE bug 1186998 SUSE bug 1186999 SUSE bug 1187000 SUSE bug 1187001 SUSE bug 1187002 SUSE bug 1187003 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187067 SUSE bug 1187068 SUSE bug 1187069 SUSE bug 1187072 SUSE bug 1187143 SUSE bug 1187144 SUSE bug 1187171 SUSE bug 1187263 SUSE bug 1187356 SUSE bug 1187402 SUSE bug 1187403 SUSE bug 1187404 SUSE bug 1187407 SUSE bug 1187408 SUSE bug 1187409 SUSE bug 1187410 SUSE bug 1187411 SUSE bug 1187412 SUSE bug 1187413 SUSE bug 1187452 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187795 SUSE bug 1187867 SUSE bug 1187883 SUSE bug 1187886 SUSE bug 1187927 SUSE bug 1187972 SUSE bug 1187980 CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2020-36385 at SUSE CVE-2020-36385 at NVD CVE-2020-36386 at SUSE CVE-2020-36386 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-0512 at SUSE CVE-2021-0512 at NVD CVE-2021-0605 at SUSE CVE-2021-0605 at NVD CVE-2021-33624 at SUSE CVE-2021-33624 at NVD CVE-2021-34693 at SUSE CVE-2021-34693 at NVD CVE-2021-3573 at SUSE CVE-2021-3573 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554) - CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM subsystem, related to an xfrm_state_fini panic. (bsc#1187049) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861) The following non-security bugs were fixed: - ACPI: custom_method: fix a possible memory leak (git-fixes). - ACPI: custom_method: fix potential use-after-free issue (git-fixes). - ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes). - ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes). - ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes). - ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes). - ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes). - ALSA: hdsp: do not disable if not enabled (git-fixes). - ALSA: hdspm: do not disable if not enabled (git-fixes). - ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes). - ALSA: rme9652: do not disable if not enabled (git-fixes). - ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes). - ALSA: timer: Fix master timer notification (git-fixes). - ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes). - alx: Fix an error handling path in 'alx_probe()' (git-fixes). - ASoC: cs35l33: fix an error code in probe() (git-fixes). - ASoC: cs42l42: Regmap must use_single_read/write (git-fixes). - ASoC: rt286: Generalize support for ALC3263 codec (git-fixes). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes). - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes). - batman-adv: Avoid WARN_ON timing related checks (git-fixes). - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453). - blk-wbt: Fix missed wakeup (bsc#1186627). - block: Discard page cache of zone reset target range (bsc#1187402). - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes). - Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes). - Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes). - bnxt_en: Fix PCI AER error recovery flow (git-fixes). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add missing error handling after doing leaf/node binary search (bsc#1187833). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change insert_dirty_subvol to return errors (bsc#1187833). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check record_root_in_trans related failures in select_reloc_root (bsc#1187833). - btrfs: check return value of btrfs_commit_transaction in relocation (bsc#1187833). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: cleanup error handling in prepare_to_merge (bsc#1187833). - btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833). - btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#1187833). - btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#1187833). - btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#1187833). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: do not force commit if we are data (bsc#1135481). - btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833). - btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481). - btrfs: do not panic in __add_reloc_root (bsc#1187833). - btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833). - btrfs: do proper error handling in create_reloc_inode (bsc#1187833). - btrfs: do proper error handling in create_reloc_root (bsc#1187833). - btrfs: do proper error handling in merge_reloc_roots (bsc#1187833). - btrfs: do proper error handling in record_reloc_root_in_trans (bsc#1187833). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#1187833). - btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block (bsc#1187833). - btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#1187833). - btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#1187833). - btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#1187833). - btrfs: handle errors from select_reloc_root() (bsc#1187833). - btrfs: handle errors in reference count manipulation in replace_path (bsc#1187833). - btrfs: handle extent corruption with select_one_root properly (bsc#1187833). - btrfs: handle extent reference errors in do_relocation (bsc#1187833). - btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans (bsc#1187833). - btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#1187833). - btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#1187833). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1187833). - btrfs: remove err variable from do_relocation (bsc#1187833). - btrfs: remove nr_async_bios (bsc#1135481). - btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481). Preparation for ticketed data space flushing in btrfs. - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: remove the extent item sanity checks in relocate_block_group (bsc#1187833). - btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1187833). - btrfs: unset reloc control if we fail to recover (bsc#1187833). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use customized batch size for total_bytes_pinned (bsc#1135481). Turns out using the batched percpu api had an effect on timing w.r.t metadata/data reclaim. So backport this patch as well, side effect is it's also bringing the code closer to upstream so future backports shall be made easier. - btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481). Preparation for introducing ticketed space handling for data space. Due to the sequence of patches, the main patch has embedded in it changes from other patches which remove some unused arguments. This is done to ease backporting itself and shouldn't have any repercussions on functionality. - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - btrfs: validate root::reloc_root after recording root in trans (bsc#1187833). - can: flexcan: disable completely the ECC mechanism (git-fixes). - can: mcba_usb: fix memory leak in mcba_usb (git-fixes). - can: xilinx_can: xcan_chip_start(): fix failure with invalid bus (git-fixes). - cfg80211: scan: drop entry from hidden_list on overflow (git-fixes). - cgroup1: do not allow '\n' in renaming (bsc#1187972). - char: hpet: add checks after calling ioremap (git-fixes). - cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#1184040). - cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040). - crypto: ccp - Fix a resource leak in an error handling path (12sp5). - cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#SLE-4681). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411). - dax: Add an enum for specifying dax wakup mode (bsc#1187411). - dax: Wake up all waiters after invalidating dax entry (bsc#1187411). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes). - dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes). - drbd: Remove uninitialized_var() usage (bsc#1186515). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770) Backporting changes: * move from driver/video/fbdev/core to driver/video/console * context changes - drm: Fix use-after-free read in drm_getunique() (git-fixes). - drm: Lock pointer access in drm_master_release() (git-fixes). - drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes). - drm/amdgpu: Fix a use-after-free (git-fixes). - drm/amdgpu: fix NULL pointer dereference (git-fixes). - drm/meson: fix shutdown crash when component not probed (git-fixes). - drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes). - drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes). - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes). - efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes). - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408). - ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404). - ext4: fix error code in ext4_commit_super (bsc#1187407). - ext4: fix memory leak in ext4_fill_super (bsc#1187409). - extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes). - fbdev: zero-fill colormap in fbcmap.c (git-fixes). - FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528). - ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes). - ftrace: Free the trampoline when ftrace_startup() fails (git-fixes). - gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes). - HID: pidff: fix error return code in hid_pidff_init() (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: i801: Do not generate an interrupt on bus reset (git-fixes). - i2c: mpc: Make use of i2c_recover_bus() (git-fixes). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes). - i2c: sh7760: add IRQ check (git-fixes). - i2c: sh7760: fix IRQ error path (git-fixes). - iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes). - iio: gyro: mpu3050: Fix reported temperature value (git-fixes). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes). - iio: tsl2583: Fix division by a zero lux_val (git-fixes). - ima: Free IMA measurement buffer after kexec syscall (git-fixes). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes). - intel_th: Consistency and off-by-one fix (git-fixes). - isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes). - ixgbe: fix large MTU request from VF (git-fixes). - ixgbevf: add correct exception tracing for XDP (bsc#1113994 ). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes). - kthread_worker: split code for canceling the delayed work timer (bsc#1187867). - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes). - libertas: register sysfs groups properly (git-fixes). - mac80211: clear the beacon's CRC after channel switch (git-fixes). - md: Fix missing unused status line of /proc/mdstat (git-fixes). - media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes). - media: dvb: Add check on sp8870_readreg return (git-fixes). - media: em28xx: fix memory leak (git-fixes). - media: gspca: properly check for errors in po1030_probe() (git-fixes). - media: gspca/sq905.c: fix uninitialized variable (git-fixes). - media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes). - media: ite-cir: check for receive overflow (git-fixes). - media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes). - mei: request autosuspend after sending rx flow control (git-fixes). - misc/uss720: fix memory leak in uss720_probe (git-fixes). - mlxsw: spectrum: Do not process learned records with a dummy FID (git-fixes). - mmc: core: Do a power cycle when the CMD11 fails (git-fixes). - mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes). - Move nfs backports into sorted section - net: bnx2: Fix error return code in bnx2_init_board() (git-fixes). - net: caif: Fix debugfs on 64-bit platforms (git-fixes). - net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes). - net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes). - net: enic: Cure the enic api locking trainwreck (git-fixes). - net: fix iteration for sctp transport seq_files (git-fixes). - net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353). - net: netcp: Fix an error message (git-fixes). - net: phy: intel-xway: enable integrated led functions (git-fixes). - net: qed: RDMA personality shouldn't fail VF load (git-fixes). - net: stmmac: Correctly take timestamp for PTPv2 (git-fixes). - net: stmmac: ensure that the device has released ownership before reading data (git-fixes). - net: usb: fix memory leak in smsc75xx_bind (git-fixes). - net/nfc/rawsock.c: fix a permission check bug (git-fixes). - net/smc: remove device from smcd_dev_list after failed device_add() (git-fixes). - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes). - NFC: fix possible resource leak (git-fixes). - NFC: fix resource leak when target index is invalid (git-fixes). - NFC: nci: fix memory leak in nci_allocate_device (git-fixes). - NFS: Deal correctly with attribute generation counter overflow (git-fixes). - NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes). - NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes). - NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes). - NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes). - NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes). - NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes). - NFS: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes). - NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes). - NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: Do not rebind to the same source port when reconnecting to the server (bnc#1186264). - NFS: fix handling of sr_eof in SEEK's reply (git-fixes). - NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes). - NFS: fix return value of _nfs4_get_security_label() (git-fixes). - ocfs2: fix data corruption by fallocate (bsc#1187412). - parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770) - PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes). - phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes). - pid: take a reference when initializing `cad_pid` (bsc#1114648). - pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes). - platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes). - pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes). - power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes). - power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes). - power: supply: Use IRQF_ONESHOT (git-fixes). - qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - ravb: fix invalid context bug while calling auto-negotiation by ethtool (git-fixes). - ravb: fix invalid context bug while changing link options by ethtool (git-fixes). - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991). - Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041). - Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes). - Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes). - s390/stack: fix possible register corruption with stack switch helper (bsc#1185677). - scsi: aacraid: Fix an oops in error handling (bsc#1186698). - scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516). - scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517). - scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186518). - scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186519). - scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1186699). - scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520). - scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521). - scsi: bnx2i: Requires MMU (bsc#1186522). - scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523). - scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186524). - scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525). - scsi: cxgb4i: Fix TLS dependency (bsc#1186526). - scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186527). - scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528). - scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529). - scsi: hisi_sas: Fix IRQ checks (bsc#1186530). - scsi: hisi_sas: Remove preemptible() (bsc#1186638). - scsi: jazz_esp: Add IRQ check (bsc#1186531). - scsi: libfc: Fix enum-conversion warning (bsc#1186532). - scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533). - scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700). - scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186534). - scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes). - scsi: megaraid_sas: Check user-provided offsets (bsc#1186535). - scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701). - scsi: mesh: Fix panic after host or bus reset (bsc#1186537). - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186538). - scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539). - scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186540). - scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541). - scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186542). - scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186543). - scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186545). - scsi: qla4xxx: Remove in_interrupt() (bsc#1186546). - scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186547). - scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701). - scsi: sd: Fix optimal I/O size for devices that change reported values (bsc#1186548). - scsi: sg: add sg_remove_request in sg_write (bsc#1186635). - scsi: sni_53c710: Add IRQ check (bsc#1186549). - scsi: sun3x_esp: Add IRQ check (bsc#1186550). - scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186551). - scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186552). - scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630). - scsi: ufs: fix ktime_t kabi change (bsc#1187630). - scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554). - scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1186555). - scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010). - scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631). - serial: max310x: unregister uart driver in case of failure and abort (git-fixes). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes). - serial: stm32: fix incorrect characters on console (git-fixes). - spi: dln2: Fix reference leak to master (git-fixes). - spi: omap-100k: Fix reference leak to master (git-fixes). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes). - staging: rtl8723bs: Fix uninitialized variables (git-fixes). - SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes). - SUNRPC: fix refcount leak for rpc auth modules (git-fixes). - SUNRPC: More fixes for backlog congestion (bsc#1185428). - SUNRPC: Move fault injection call sites (git-fixes). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264). - svcrdma: disable timeouts on rdma backchannel (git-fixes). - swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes). - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes). - tracing: Correct the length check which causes memory corruption (git-fixes). - tracing: Do no increment trace_clock_global() by one (git-fixes). - tracing: Restructure trace_clock_global() to never block (git-fixes). - ttyprintk: Add TTY hangup callback (git-fixes). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes). - USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes). - USB: cdc-acm: always claim data interface (git-fixes). - USB: cdc-acm: do not log successful probe on later errors (git-fixes). - USB: core: hub: fix race condition about TRSMRCY of resume (git-fixes). - USB: dwc3: ep0: fix NULL pointer exception (git-fixes). - USB: dwc3: omap: improve extcon initialization (git-fixes). - USB: fotg210-hcd: Fix an error message (git-fixes). - USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes). - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes). - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes). - USB: serial: quatech2: fix control-request directions (git-fixes). - USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes). - USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes). - USB: sl811-hcd: improve misleading indentation (git-fixes). - USB: trancevibrator: fix control-request direction (git-fixes). - USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes). - USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes). - USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - USB: xhci: Fix port minor revision (git-fixes). - USB: xhci: Increase timeout for HC halt (git-fixes). - vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes). - vfio/pci: zap_vma_ptes() needs MMU (git-fixes). - vfio/platform: fix module_put call in error flow (git-fixes). - vgacon: Record video mode changes with VT_RESIZEX (git-fixes). - video: hgafb: correctly handle card detect failure during probe (bsc#1129770) - video: hgafb: fix potential NULL pointer dereference (bsc#1129770) Backporting changes: * context changes - vsock/vmci: log once the failed queue pair allocation (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes). - x86: fix seq_file iteration for pat/memtype.c (git-fixes). - x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1114648). Important SUSE bug 1103990 SUSE bug 1103991 SUSE bug 1104353 SUSE bug 1113994 SUSE bug 1114648 SUSE bug 1129770 SUSE bug 1135481 SUSE bug 1136345 SUSE bug 1174978 SUSE bug 1179610 SUSE bug 1182470 SUSE bug 1184040 SUSE bug 1185428 SUSE bug 1185486 SUSE bug 1185677 SUSE bug 1185701 SUSE bug 1185861 SUSE bug 1185863 SUSE bug 1186206 SUSE bug 1186264 SUSE bug 1186463 SUSE bug 1186515 SUSE bug 1186516 SUSE bug 1186517 SUSE bug 1186518 SUSE bug 1186519 SUSE bug 1186520 SUSE bug 1186521 SUSE bug 1186522 SUSE bug 1186523 SUSE bug 1186524 SUSE bug 1186525 SUSE bug 1186526 SUSE bug 1186527 SUSE bug 1186528 SUSE bug 1186529 SUSE bug 1186530 SUSE bug 1186531 SUSE bug 1186532 SUSE bug 1186533 SUSE bug 1186534 SUSE bug 1186535 SUSE bug 1186537 SUSE bug 1186538 SUSE bug 1186539 SUSE bug 1186540 SUSE bug 1186541 SUSE bug 1186542 SUSE bug 1186543 SUSE bug 1186545 SUSE bug 1186546 SUSE bug 1186547 SUSE bug 1186548 SUSE bug 1186549 SUSE bug 1186550 SUSE bug 1186551 SUSE bug 1186552 SUSE bug 1186554 SUSE bug 1186555 SUSE bug 1186556 SUSE bug 1186627 SUSE bug 1186635 SUSE bug 1186638 SUSE bug 1186698 SUSE bug 1186699 SUSE bug 1186700 SUSE bug 1186701 SUSE bug 1187038 SUSE bug 1187049 SUSE bug 1187402 SUSE bug 1187404 SUSE bug 1187407 SUSE bug 1187408 SUSE bug 1187409 SUSE bug 1187411 SUSE bug 1187412 SUSE bug 1187452 SUSE bug 1187453 SUSE bug 1187455 SUSE bug 1187554 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187630 SUSE bug 1187631 SUSE bug 1187833 SUSE bug 1187867 SUSE bug 1187972 SUSE bug 1188010 CVE-2019-25045 at SUSE CVE-2019-25045 at NVD CVE-2020-24588 at SUSE CVE-2020-24588 at NVD CVE-2020-26558 at SUSE CVE-2020-26558 at NVD CVE-2020-36386 at SUSE CVE-2020-36386 at NVD CVE-2021-0129 at SUSE CVE-2021-0129 at NVD CVE-2021-0512 at SUSE CVE-2021-0512 at NVD CVE-2021-0605 at SUSE CVE-2021-0605 at NVD CVE-2021-33624 at SUSE CVE-2021-33624 at NVD CVE-2021-34693 at SUSE CVE-2021-34693 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd fixes the following issues: - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282) Moderate SUSE bug 1188282 CVE-2021-32760 at SUSE CVE-2021-32760 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116). - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062). - CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215). - CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1187585 ). - CVE-2021-35039: kernel/module.c mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bnc#1188080). NOTE that SUSE kernels are configured with CONFIG_MODULE_SIG=y, so are not affected. The following non-security bugs were fixed: - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPICA: Fix memory leak caused by _CID repair function (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: si5341: Update initialization magic (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/msm: Small msm_gem_purge() fix (bsc#1152489) - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - Fix meta data in lpfc-decouple-port_template-and-vport_template.patch - fix patches metadata - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - mac80211_hwsim: drop pending frames on stop (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: fix device register error path (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - nvme-rdma: fix in-casule data send for chained sgls (git-fixes). - nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes). - nvme-tcp: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify & fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: tcpm: update power supply once partner accepts (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - vfio/pci: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors & warnings (git-fixes). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes). - xhci: solve a double free problem while doing s4 (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1170511 SUSE bug 1179243 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184804 SUSE bug 1185308 SUSE bug 1185791 SUSE bug 1187215 SUSE bug 1187585 SUSE bug 1188036 SUSE bug 1188062 SUSE bug 1188080 SUSE bug 1188116 SUSE bug 1188121 SUSE bug 1188176 SUSE bug 1188267 SUSE bug 1188268 SUSE bug 1188269 CVE-2021-22555 at SUSE CVE-2021-22555 at NVD CVE-2021-33909 at SUSE CVE-2021-33909 at NVD CVE-2021-35039 at SUSE CVE-2021-35039 at NVD CVE-2021-3609 at SUSE CVE-2021-3609 at NVD CVE-2021-3612 at SUSE CVE-2021-3612 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) Moderate SUSE bug 1188217 SUSE bug 1188218 SUSE bug 1188219 SUSE bug 1188220 CVE-2021-22922 at SUSE CVE-2021-22922 at NVD CVE-2021-22923 at SUSE CVE-2021-22923 at NVD CVE-2021-22924 at SUSE CVE-2021-22924 at NVD CVE-2021-22925 at SUSE CVE-2021-22925 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libvirt fixes the following issues: - CVE-2021-3631: fix SELinux label generation logic (bsc#1187871) Moderate SUSE bug 1184253 SUSE bug 1187871 CVE-2021-3631 at SUSE CVE-2021-3631 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366) - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364) - CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367) - CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365) - CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499) - CVE-2021-3607: Ensure correct input on ring init (bsc#1187539) - CVE-2021-3608: Fix the ring init error flow (bsc#1187538) - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) Important SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187499 SUSE bug 1187529 SUSE bug 1187538 SUSE bug 1187539 CVE-2021-3582 at SUSE CVE-2021-3582 at NVD CVE-2021-3592 at SUSE CVE-2021-3592 at NVD CVE-2021-3593 at SUSE CVE-2021-3593 at NVD CVE-2021-3594 at SUSE CVE-2021-3594 at NVD CVE-2021-3595 at SUSE CVE-2021-3595 at NVD CVE-2021-3607 at SUSE CVE-2021-3607 at NVD CVE-2021-3608 at SUSE CVE-2021-3608 at NVD CVE-2021-3611 at SUSE CVE-2021-3611 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585) - CVE-2021-35039: Fixed a bug where modules signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080) The following non-security bugs were fixed: - ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes). - ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes). - ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes). - ACPI: Fix memory leak caused by _CID repair function (git-fixes). - ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes). - ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes). - ACPI: resources: Add checks for ACPI IRQ override (git-fixes). - ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes). - ALSA: hda/realtek: Add another ALC236 variant support (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes). - ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes). - ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes). - ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes). - ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes). - ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes). - ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes). - amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes - ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes). - ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes). - ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes). - ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes). - ata: ahci_sunxi: Disable DIPM (git-fixes). - ath10k: add missing error return code in ath10k_pci_probe() (git-fixes). - ath10k: Fix an error code in ath10k_add_interface() (git-fixes). - ath10k: go to path err_unsupported when chip id is not supported (git-fixes). - ath10k: remove unused more_frags variable (git-fixes). - ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes). - backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes). - Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - brcmfmac: correctly report average RSSI in station info (git-fixes). - brcmfmac: fix setting of station info chains bitmask (git-fixes). - brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes). - can: gw: synchronize rcu operations before removing gw job entry (git-fixes). - can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes). - can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes). - cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes). - char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes). - clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes). - clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes). - clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes). - clk: meson: g12a: fix gp0 and hifi ranges (git-fixes). - clk: si5341: Avoid divide errors due to bogus register contents (git-fixes). - clk: zynqmp: pll: Remove some dead code (git-fixes). - clocksource: Retry clock read if long delays detected (git-fixes). - cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes). - crypto: ccp - Fix a resource leak in an error handling path (git-fixes). - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes). - crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes). - crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes). - crypto: qat - remove unused macro in FW loader (git-fixes). - crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes). - dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes). - dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes). - dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes). - dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes). - dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes). - drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes - drm: qxl: ensure surf.data is ininitialized (git-fixes). - drm/amdgpu: Do not query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t - drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists - drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON() - drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes). - drm/nouveau: wait for moving fence after pinning v2 (git-fixes). - drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes - drm/radeon: wait for moving fence after pinning (git-fixes). - drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes). - drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes). - drm/rockchip: dsi: remove extra component_del() call (git-fixes). - drm/stm: Fix bus_flags handling (bsc#1152472) - drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi - extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes). - extcon: intel-mrfld: Sync hardware and software state on init (git-fixes). - extcon: max8997: Add missing modalias string (git-fixes). - extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes). - fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes). - fpga: machxo2-spi: Address warning about unused variable (git-fixes). - fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes). - fuse: check connected before queueing on fpq->io (bsc#1188267). - fuse: ignore PG_workingset after stealing (bsc#1188268). - fuse: reject internal errno (bsc#1188269). - futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)). - gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes). - gve: Fix an error handling path in 'gve_probe()' (git-fixes). - gve: Fix swapped vars when fetching max queues (git-fixes). - HID: do not use down_interruptible() when unbinding devices (git-fixes). - HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes). - hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes). - hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes). - hwmon: (max31790) Fix pwmX_enable attributes (git-fixes). - hwmon: (max31790) Report correct current pwm duty cycles (git-fixes). - hwrng: exynos - Fix runtime PM imbalance on error (git-fixes). - i2c: dev: Add __user annotation (git-fixes). - i2c: robotfuzz-osif: fix control-request directions (git-fixes). - ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237). - ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237). - ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237). - ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237). - ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363). - ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes). - ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098). - ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237). - ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237). - ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237). - iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes). - iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: adis_buffer: do not return ints in irq handlers (git-fixes). - iio: adis16400: do not return ints in irq handlers (git-fixes). - iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes). - iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: tcs3472: do not free unallocated IRQ (git-fixes). - iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes). - iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes). - iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes). - iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes). - iio: si1133: fix format string warnings (git-fixes). - iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes). - Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes). - Input: usbtouchscreen - fix control-request directions (git-fixes). - kABI: restore struct tcpc_config definition (git-fixes). - leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes). - leds: ktd2692: Fix an error handling path (git-fixes). - leds: lm3532: select regmap I2C API (git-fixes). - lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes). - lib/decompressors: remove set but not used variabled 'level' (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - mac80211: drop pending frames on stop (git-fixes). - mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes). - mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes). - mac80211: remove warning in ieee80211_get_sband() (git-fixes). - math: Export mul_u64_u64_div_u64 (git-fixes). - media: au0828: fix a NULL vs IS_ERR() check (git-fixes). - media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes). - media: cobalt: fix race condition in setting HPD (git-fixes). - media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes). - media: dtv5100: fix control-request directions (git-fixes). - media: dvb_net: avoid speculation from net slot (git-fixes). - media: dvb-usb: fix wrong definition (git-fixes). - media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes). - media: em28xx: Fix possible memory leak of em28xx struct (git-fixes). - media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes). - media: exynos4-is: Fix a use after free in isp_video_release (git-fixes). - media: Fix Media Controller API config checks (git-fixes). - media: gspca/gl860: fix zero-length control requests (git-fixes). - media: gspca/sq905: fix control-request direction (git-fixes). - media: gspca/sunplus: fix zero-length control requests (git-fixes). - media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes). - media: imx-csi: Skip first few frames from a BT.656 source (git-fixes). - media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes). - media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes). - media: mtk-vcodec: fix PM runtime get logic (git-fixes). - media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes). - media: rc: i2c: Fix an error message (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes). - media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes). - media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes). - media: siano: fix device register error path (git-fixes). - media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes). - media: st-hva: Fix potential NULL pointer dereferences (git-fixes). - media: sti: fix obj-$(config) targets (git-fixes). - media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes). - media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes). - media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes). - memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes). - memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes). - memstick: rtsx_usb_ms: fix UAF (git-fixes). - mmc: block: Disable CMDQ on the ioctl path (git-fixes). - mmc: core: clear flags before allowing to retune (git-fixes). - mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes). - mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes). - mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes). - mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes). - mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes). - mmc: vub3000: fix control-request direction (git-fixes). - mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes). - mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes). - mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes). - mwifiex: re-fix for unaligned accesses (git-fixes). - nvme: fix in-casule data send for chained sgls (git-fixes). - nvme: introduce nvme_rdma_sgl structure (git-fixes). - nvme: rerun io_work if req_list is not empty (git-fixes). - nvme: verify MNAN value if ANA is enabled (bsc#1185791). - PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes). - pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes). - platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes). - ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes). - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes). - random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes). - regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes). - regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes). - regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes). - reset: a10sr: add missing of_match_table reference (git-fixes). - reset: bail if try_module_get() fails (git-fixes). - reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes). - Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes). - Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rpm/kernel-binary.spec.in: Remove zdebug define used only once. - rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes). - rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes). - rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes). - scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511). - serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes). - serial: Add Option International GSM-Ready 56K/ISDN modem (git-fixes). - serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes). - serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes). - serial: mvebu-uart: fix calculation of clock divisor (git-fixes). - serial: remove wrong GLOBETROTTER.cis entry (git-fixes). - serial: tegra-tcu: Reorder channel initialization (git-fixes). - soc: fsl: qbman: Delete useless kfree code (bsc#1188176). - soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176). - soundwire: stream: Fix test for DP prepare complete (git-fixes). - spi: fspi: dynamically alloc AHB memory (bsc#1188121). - spi: Make of_register_spi_device also set the fwnode (git-fixes). - spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121). - spi: omap-100k: Fix the length judgment problem (git-fixes). - spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes). - spi: spi-nxp-fspi: Add ACPI support (bsc#1188121). - spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121). - spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121). - spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121). - spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121). - spi: spi-sun6i: Fix chipselect/clock bug (git-fixes). - spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes). - spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes). - spi: tegra114: Fix an error message (git-fixes). - ssb: Fix error return code in ssb_bus_scan() (git-fixes). - ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes). - staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes). - staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes). - staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes). - staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes). - tcp: Remove superfluous BH-disable around listening_hash (bsc#1188525). - thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes). - tpm: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036). - tpm: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036). - tpm: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036). - tpm: Reserve locality in tpm_tis_resume() (bsc#1188036). - tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes). - tracing: Fix parsing of 'sym-offset' modifier (git-fixes). - tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes). - tracing: Simplify and fix saved_tgids logic (git-fixes). - tty: nozomi: Fix a resource leak in an error handling function (git-fixes). - tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes). - Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509). - Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509). - usb: dwc2: Do not reset the core after setting turnaround time (git-fixes). - usb: dwc3: Fix debugfs creation flow (git-fixes). - usb: gadget: eem: fix echo command packet response issue (git-fixes). - usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes). - usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes). - usb: typec: fusb302: Always provide fwnode for the port (git-fixes). - usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes). - usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes). - usb: typec: tcpm: Move mod_delayed_work(port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes). - usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes). - usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes). - usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes). - usb: typec: tcpm: set correct data role for non-DRD (git-fixes). - usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes). - usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes). - usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes). - usb: typec: wcove: Fx wrong kernel doc format (git-fixes). - UsrMerge the kernel (boo#1184804) - vfio: Handle concurrent vma faults (git-fixes). - vfs: Convert functionfs to use the new mount API (git -fixes). - video: fbdev: imxfb: Fix an error message (git-fixes). - visorbus: fix error return code in visorchipset_init() (git-fixes). - vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes). - watchdog: aspeed: fix hardware timeout calculation (git-fixes). - watchdog: sp805: Fix kernel doc description (git-fixes). - wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes). - wireless: carl9170: fix LEDS build errors and warnings (git-fixes). - x86/kvm: Disable all PV features on crash (bsc#1185308). - x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308). - x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308). - x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308). - x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308). - xhci: solve a double free problem while doing s4 (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1155518 SUSE bug 1170511 SUSE bug 1179243 SUSE bug 1180092 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184804 SUSE bug 1185308 SUSE bug 1185791 SUSE bug 1186206 SUSE bug 1187215 SUSE bug 1187585 SUSE bug 1188036 SUSE bug 1188080 SUSE bug 1188116 SUSE bug 1188121 SUSE bug 1188176 SUSE bug 1188267 SUSE bug 1188268 SUSE bug 1188269 SUSE bug 1188405 SUSE bug 1188525 CVE-2021-22555 at SUSE CVE-2021-22555 at NVD CVE-2021-35039 at SUSE CVE-2021-35039 at NVD CVE-2021-3609 at SUSE CVE-2021-3609 at NVD CVE-2021-3612 at SUSE CVE-2021-3612 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1113295 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1176940 SUSE bug 1179243 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184350 SUSE bug 1184631 SUSE bug 1185377 SUSE bug 1186194 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1187476 SUSE bug 1188062 SUSE bug 1188063 SUSE bug 1188101 SUSE bug 1188257 SUSE bug 1188405 SUSE bug 1188445 SUSE bug 1188504 SUSE bug 1188620 SUSE bug 1188683 SUSE bug 1188746 SUSE bug 1188747 SUSE bug 1188748 SUSE bug 1188770 SUSE bug 1188771 SUSE bug 1188772 SUSE bug 1188773 SUSE bug 1188774 SUSE bug 1188777 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1188876 SUSE bug 1188885 SUSE bug 1188973 CVE-2021-21781 at SUSE CVE-2021-21781 at NVD CVE-2021-22543 at SUSE CVE-2021-22543 at NVD CVE-2021-33909 at SUSE CVE-2021-33909 at NVD CVE-2021-3659 at SUSE CVE-2021-3659 at NVD CVE-2021-37576 at SUSE CVE-2021-37576 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). The following non-security bugs were fixed: - ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes). - ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes). - ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes). - ALSA: bebob: add support for ToneWeal FW66 (git-fixes). - ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes). - ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes). - ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes). - ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes). - ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes). - ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes). - ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes). - ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes). - ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes). - ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes). - ARM: ensure the signal page contains defined contents (bsc#1188445). - ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes). - ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes). - ASoC: rt5631: Fix regcache sync errors on resume (git-fixes). - ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes). - ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes). - Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes). - Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes). - Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes). - Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes). - Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes). - Input: ili210x - add missing negation for touch indication on ili210x (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771). - KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773). - KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774). - KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777). - PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes). - PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes). - PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes). - PCI: quirks: fix false kABI positive (git-fixes). - PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes). - RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449). - RDMA/cma: Protect RMW with qp_mutex (git-fixes). - Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes). - Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes). - Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes). - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes). - USB: serial: cp210x: fix comments for GE CS1000 (git-fixes). - USB: serial: option: add support for u-blox LARA-R6 family (git-fixes). - USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes). - backlight: lm3630a: Fix return code of .update_status() callback (git-fixes). - bcache: avoid oversized read request in cache missing code path (bsc#1184631). - bcache: remove bcache device self-defined readahead (bsc#1184631). - blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092). - blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092). - blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092). - blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092). - blk-mq: insert flush request to the front of dispatch queue (bsc#1180092). - blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092). - bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274). - bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274). - bnxt_en: do not disable an already disabled PCI device (git-fixes). - bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353). - bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518). - cadence: force nonlinear buffers to be cloned (git-fixes). - can: ems_usb: fix memory leak (git-fixes). - can: esd_usb2: fix memory leak (git-fixes). - can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes). - can: usb_8dev: fix memory leak (git-fixes). - ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: fix interrupted close commands (git-fixes). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - clk: renesas: r8a77995: Add ZA2 clock (git-fixes). - clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes). - clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes). - cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)). - crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes). - crypto: sun4i-ss - checking sg length is not sufficient (git-fixes). - crypto: sun4i-ss - initialize need_fallback (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - cw1200: add missing MODULE_DEVICE_TABLE (git-fixes). - cxgb4: fix IRQ free race during driver unload (git-fixes). - dma-buf/sync_file: Do not leak fences on merge failure (git-fixes). - dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes). - drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes). - drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes). - drm/amd/display: Update scaling settings on modeset (git-fixes). - drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes). - drm/amd/display: fix incorrrect valid irq check (git-fixes). - drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes). - drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes). - drm/amdkfd: Walk through list with dqm lock hold (git-fixes). - drm/arm/malidp: Always list modifiers (git-fixes). - drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes). - drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes). - drm/msm/mdp4: Fix modifier support enabling (git-fixes). - drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes). - drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes). - drm/sched: Avoid data corruptions (git-fixes). - drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes). - drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes). - drm/virtio: Fix double free on probe failure (git-fixes). - drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes). - drm: Return -ENOTTY for non-drm ioctls (git-fixes). - e1000e: Check the PCIm state (git-fixes). - e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes). - fbmem: Do not delete the mode that is still in use (git-fixes). - fbmem: add margin check to fb_check_caps() (git-fixes). - firmware/efi: Tell memblock about EFI iomem reservations (git-fixes). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes). - gpio: pca953x: Add support for the On Semi pca9655 (git-fixes). - gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - gve: Add DQO fields for core data structures (bsc#1176940). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940). - gve: Add dqo descriptors (bsc#1176940). - gve: Add stats for gve (bsc#1176940). - gve: Add support for DQO RX PTYPE map (bsc#1176940). - gve: Add support for raw addressing device option (bsc#1176940). - gve: Add support for raw addressing in the tx path (bsc#1176940). - gve: Add support for raw addressing to the rx path (bsc#1176940). - gve: Batch AQ commands for creating and destroying queues (bsc#1176940). - gve: Check TX QPL was actually assigned (bsc#1176940). - gve: DQO: Add RX path (bsc#1176940). - gve: DQO: Add TX path (bsc#1176940). - gve: DQO: Add core netdev features (bsc#1176940). - gve: DQO: Add ring allocation and initialization (bsc#1176940). - gve: DQO: Configure interrupts on device up (bsc#1176940). - gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940). - gve: DQO: Remove incorrect prefetch (bsc#1176940). - gve: Enable Link Speed Reporting in the driver (bsc#1176940). - gve: Fix warnings reported for DQO patchset (bsc#1176940). - gve: Get and set Rx copybreak via ethtool (bsc#1176940). - gve: Introduce a new model for device options (bsc#1176940). - gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940). - gve: Move some static functions to a common file (bsc#1176940). - gve: NIC stats for report-stats and for ethtool (bsc#1176940). - gve: Propagate error codes to caller (bsc#1176940). - gve: Replace zero-length array with flexible-array member (bsc#1176940). - gve: Rx Buffer Recycling (bsc#1176940). - gve: Simplify code and axe the use of a deprecated API (bsc#1176940). - gve: Update adminq commands to support DQO queues (bsc#1176940). - gve: Use dev_info/err instead of netif_info/err (bsc#1176940). - gve: Use link status register to report link status (bsc#1176940). - gve: adminq: DQO specific device descriptor logic (bsc#1176940). - gve: gve_rx_copy: Move padding to an argument (bsc#1176940). - i2c: core: Disable client irq on reboot/shutdown (git-fixes). - i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes). - i40e: Fix error handling in i40e_vsi_open (git-fixes). - iavf: Fix an error handling path in 'iavf_probe()' (git-fixes). - ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075). - ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533). - ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926). - igb: Check if num of q_vectors is smaller than max before array access (git-fixes). - igb: Fix an error handling path in 'igb_probe()' (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igb: Fix use-after-free error during reset (git-fixes). - igc: Fix an error handling path in 'igc_probe()' (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - iio: accel: bma180: Use explicit member assignment (git-fixes). - iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes). - iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes). - iwlwifi: pcie: free IML DMA memory allocation (git-fixes). - ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI workaround for pci/quirks.c (git-fixes). - kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes). - kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes). - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes). - kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes). - kprobes: fix kill kprobe which has been marked as gone (git-fixes). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772). - kvm: i8254: remove redundant assignment to pointer s (bsc#1188770). - lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518). - liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes). - mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes). - media, bpf: Do not copy more entries than user space requested (git-fixes). - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes). - media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes). - mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes). - mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes). - misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes). - misc: alcor_pci: fix inverted branch condition (git-fixes). - misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes). - mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes). - mt76: mt7603: set 0 as min coverage_class value (git-fixes). - mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes). - mt76: mt7615: increase MCU command timeout (git-fixes). - mt76: set dma-done flag for flushed descriptors (git-fixes). - mvpp2: suppress warning (git-fixes). - net/mlx5: Do not fail driver on failure to create debugfs (git-fixes). - net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes). - net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes). - net: atlantic: fix ip dst and ipv6 address filters (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes). - net: gve: convert strlcpy to strscpy (bsc#1176940). - net: gve: remove duplicated allowed (bsc#1176940). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mvpp2: Put fwnode in error case during ->probe() (git-fixes). - net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes). - net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes). - net: wilc1000: clean up resource in error path of init mon interface (git-fixes). - nfc: nfcsim: fix use after free during module unload (git-fixes). - pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes). - pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes). - pinctrl: mcp23s08: fix race condition in irq handler (git-fixes). - platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes). - platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes). - platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes). - platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes). - power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: ab8500: Avoid NULL pointers (git-fixes). - power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes). - power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes). - power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes). - powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722). - powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722). - powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395). - powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes). - powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722). - powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722). - powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722). - powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722). - powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722). - powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722). - powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722). - powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722). - powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722). - powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722). - powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395). - powerpc/stacktrace: Include linux/delay.h (bsc#1156395). - powerpc: Offline CPU in stop_this_cpu() (bsc#1156395). - pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes). - pwm: imx1: Do not disable clocks at device remove time (git-fixes). - pwm: spear: Do not modify HW state in .remove callback (git-fixes). - qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes). - r8152: Fix a deadlock by doubly PM resume (bsc#1186194). - r8152: Fix potential PM refcount imbalance (bsc#1186194). - r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes). - ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes). - rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746). - rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747). - regulator: hi6421: Fix getting wrong drvdata (git-fixes). - regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes). - replaced with upstream security mitigation cleanup - reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes). - rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804). - rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes). - rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes). - rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes). - scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101). - sfp: Fix error handing in sfp_probe() (git-fixes). - soc/tegra: fuse: Fix Tegra234-only builds (git-fixes). - spi: cadence: Correct initialisation of runtime PM again (git-fixes). - spi: imx: add a check for speed_hz before calculating the clock (git-fixes). - spi: mediatek: fix fifo rx mode (git-fixes). - staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes). - thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes). - tpm: efi: Use local variable for calculating final log size (git-fixes). - tracing: Do not reference char * as a string in histograms (git-fixes). - tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes). - tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes). - usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes). - usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes). - usb: gadget: hid: fix error return code in hid_bind() (git-fixes). - usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes). - usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes). - usb: max-3421: Prevent corruption of freed memory (git-fixes). - usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes). - uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes). - virtio_console: Assure used length from device is limited (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - w1: ds2438: fixing bug that would always get page0 (git-fixes). - watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes). - watchdog: Fix possible use-after-free in wdt_startup() (git-fixes). - watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes). - watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes). - wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes). - wireless: wext-spy: Fix out-of-bounds warning (git-fixes). - wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes). - wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973). - xen/events: reset active flag for lateeoi events later (git-fixes). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). - xhci: Fix lost USB 2 remote wake (git-fixes). Important SUSE bug 1065729 SUSE bug 1085224 SUSE bug 1094840 SUSE bug 1113295 SUSE bug 1153274 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1176940 SUSE bug 1179243 SUSE bug 1180092 SUSE bug 1183871 SUSE bug 1184114 SUSE bug 1184350 SUSE bug 1184631 SUSE bug 1184804 SUSE bug 1185377 SUSE bug 1186194 SUSE bug 1186206 SUSE bug 1186482 SUSE bug 1186483 SUSE bug 1187476 SUSE bug 1188101 SUSE bug 1188405 SUSE bug 1188445 SUSE bug 1188504 SUSE bug 1188620 SUSE bug 1188683 SUSE bug 1188746 SUSE bug 1188747 SUSE bug 1188748 SUSE bug 1188770 SUSE bug 1188771 SUSE bug 1188772 SUSE bug 1188773 SUSE bug 1188774 SUSE bug 1188777 SUSE bug 1188838 SUSE bug 1188876 SUSE bug 1188885 SUSE bug 1188973 CVE-2021-21781 at SUSE CVE-2021-21781 at NVD CVE-2021-22543 at SUSE CVE-2021-22543 at NVD CVE-2021-3659 at SUSE CVE-2021-3659 at NVD CVE-2021-37576 at SUSE CVE-2021-37576 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) Critical SUSE bug 1189465 CVE-2021-38185 at SUSE CVE-2021-38185 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Moderate SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 CVE-2020-35503 at SUSE CVE-2020-35503 at NVD CVE-2020-35504 at SUSE CVE-2020-35504 at NVD CVE-2020-35505 at SUSE CVE-2020-35505 at NVD CVE-2020-35506 at SUSE CVE-2020-35506 at NVD CVE-2021-20255 at SUSE CVE-2021-20255 at NVD CVE-2021-3527 at SUSE CVE-2021-3527 at NVD CVE-2021-3682 at SUSE CVE-2021-3682 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) Important SUSE bug 1188571 CVE-2021-36222 at SUSE CVE-2021-36222 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032) - CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032) - CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032) Moderate SUSE bug 1103032 CVE-2018-14679 at SUSE CVE-2018-14679 at NVD CVE-2018-14681 at SUSE CVE-2018-14681 at NVD CVE-2018-14682 at SUSE CVE-2018-14682 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) Moderate SUSE bug 1172505 CVE-2020-12049 at SUSE CVE-2020-12049 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) Moderate SUSE bug 1102408 SUSE bug 1138715 SUSE bug 1138746 SUSE bug 1176389 SUSE bug 1177120 SUSE bug 1182421 SUSE bug 1182422 CVE-2020-26137 at SUSE CVE-2020-26137 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189520 SUSE bug 1189521 CVE-2021-3711 at SUSE CVE-2021-3711 at NVD CVE-2021-3712 at SUSE CVE-2021-3712 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433) - CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434) - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380). - CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381). Other issues fixed: - Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491) - Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682) - Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877) - Upstream bug fixes (bsc#1027519) - Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050). - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189). - Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Important SUSE bug 1027519 SUSE bug 1137251 SUSE bug 1176189 SUSE bug 1179148 SUSE bug 1179246 SUSE bug 1180491 SUSE bug 1181989 SUSE bug 1183877 SUSE bug 1185682 SUSE bug 1186428 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1188050 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189380 SUSE bug 1189381 SUSE bug 1189882 CVE-2021-0089 at SUSE CVE-2021-0089 at NVD CVE-2021-28690 at SUSE CVE-2021-28690 at NVD CVE-2021-28692 at SUSE CVE-2021-28692 at NVD CVE-2021-28693 at SUSE CVE-2021-28693 at NVD CVE-2021-28694 at SUSE CVE-2021-28694 at NVD CVE-2021-28695 at SUSE CVE-2021-28695 at NVD CVE-2021-28696 at SUSE CVE-2021-28696 at NVD CVE-2021-28697 at SUSE CVE-2021-28697 at NVD CVE-2021-28698 at SUSE CVE-2021-28698 at NVD CVE-2021-28699 at SUSE CVE-2021-28699 at NVD CVE-2021-28700 at SUSE CVE-2021-28700 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 at SUSE CVE-2019-19977 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 at SUSE CVE-2021-3712 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: * implement new socket option PR_SockOpt_DontFrag * support larger DNS records by increasing the default buffer size for DNS queries * Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138 * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version. Mozilla NSS was updated to version 3.68: * bmo#1713562 - Fix test leak. * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32. * bmo#1693206 - Implement PKCS8 export of ECDSA keys. * bmo#1712883 - DTLS 1.3 draft-43. * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension. * bmo#1713562 - Validate ECH public names. * bmo#1717610 - Add function to get seconds from epoch from pkix::Time. update to NSS 3.67 * bmo#1683710 - Add a means to disable ALPN. * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c. * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. update to NSS 3.66 * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS. * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. * bmo#1708307 - Remove Trustis FPS Root CA from NSS. * bmo#1707097 - Add Certum Trusted Root CA to NSS. * bmo#1707097 - Add Certum EC-384 CA to NSS. * bmo#1703942 - Add ANF Secure Server Root CA to NSS. * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS. * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler. * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators. * bmo#1709291 - Add VerifyCodeSigningCertificateChain. update to NSS 3.65 * bmo#1709654 - Update for NetBSD configuration. * bmo#1709750 - Disable HPKE test when fuzzing. * bmo#1566124 - Optimize AES-GCM for ppc64le. * bmo#1699021 - Add AES-256-GCM to HPKE. * bmo#1698419 - ECH -10 updates. * bmo#1692930 - Update HPKE to final version. * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default. * bmo#1703936 - New coverity/cpp scanner errors. * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens. update to NSS 3.64 * bmo#1705286 - Properly detect mips64. * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. * bmo#1698320 - replace __builtin_cpu_supports('vsx') with ppc_crypto_support() for clang. * bmo#1613235 - Add POWER ChaCha20 stream cipher vector acceleration. Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the “Staat der Nederlanden Root CA - G3” root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008’. * bmo#1694291 - Tracing fixes for ECH. update to NSS 3.62 * bmo#1688374 - Fix parallel build NSS-3.61 with make * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add() can corrupt 'cachedCertTable' * bmo#1690583 - Fix CH padding extension size calculation * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail * bmo#1690421 - Install packaged libabigail in docker-builds image * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing * bmo#1674819 - Fixup a51fae403328, enum type may be signed * bmo#1681585 - Add ECH support to selfserv * bmo#1681585 - Update ECH to Draft-09 * bmo#1678398 - Add Export/Import functions for HPKE context * bmo#1678398 - Update HPKE to draft-07 update to NSS 3.61 * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key values under certain conditions. * bmo#1684300 - Fix default PBE iteration count when NSS is compiled with NSS_DISABLE_DBM. * bmo#1651411 - Improve constant-timeness in RSA operations. * bmo#1677207 - Upgrade Google Test version to latest release. * bmo#1654332 - Add aarch64-make target to nss-try. Update to NSS 3.60.1: Notable changes in NSS 3.60: * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information. * December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information. Update to NSS 3.59.1: * bmo#1679290 - Fix potential deadlock with certain third-party PKCS11 modules Update to NSS 3.59: Notable changes: * Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData Bugfixes * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs when SHA1 signatures are disabled. * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some test intermittents * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in our CVE-2020-25648 fix that broke purple-discord (boo#1179382) * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP * bmo#1667989 - Fix gyp linking on Solaris * bmo#1668123 - Export CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData from libnss * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA * bmo#1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder that affected decoding certain PKCS8 private keys when using NSS debug builds * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS. update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. update to NSS 3.57 * The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097 * The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3 * Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed. * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes update to NSS 3.56 Notable changes * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8 * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS. * bmo#1654142 - Add CPU feature detection for Intel SHA extension. * bmo#1648822 - Add stricter validation of DH keys in FIPS mode. * bmo#1656986 - Properly detect arm64 during GYP build architecture detection. * bmo#1652729 - Add build flag to disable RC2 and relocate to lib/freebl/deprecated. * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay. * bmo#1588941 - Send empty certificate message when scheme selection fails. * bmo#1652032 - Fix failure to build in Windows arm64 makefile cross-compilation. * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent. * bmo#1653975 - Fix 3.53 regression by setting 'all' as the default makefile target. * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert. * bmo#1659814 - Fix interop.sh failures with newer tls-interop commit and dependencies. * bmo#1656519 - NSPR dependency updated to 4.28 update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. update to NSS 3.54 Notable changes * Support for TLS 1.3 external pre-shared keys (bmo#1603042). * Use ARM Cryptography Extension for SHA256, when available (bmo#1528113) * The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017. * The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3. * A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list. Bugs fixed * bmo#1528113 - Use ARM Cryptography Extension for SHA256. * bmo#1603042 - Add TLS 1.3 external PSK support. * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows. * bmo#1645186 - Add 'certSIGN Root CA G2' root certificate. * bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate. * bmo#1641716 - Add Microsoft's non-EV root certificates. * bmo1621151 - Disable email trust bit for 'O=Government Root Certification Authority; C=TW' root. * bmo#1645199 - Remove AddTrust root certificates. * bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate. * bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root certificate. * bmo#1618402 - Remove Symantec root certificates and disable email trust bit. * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26. * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c. * bmo#1642153 - Fix infinite recursion building NSS. * bmo#1642638 - Fix fuzzing assertion crash. * bmo#1642871 - Enable SSL_SendSessionTicket after resumption. * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs. * bmo#1643557 - Fix numerous compile warnings in NSS. * bmo#1644774 - SSL gtests to use ClearServerCache when resetting self-encrypt keys. * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c. * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding. Moderate SUSE bug 1029961 SUSE bug 1174697 SUSE bug 1176206 SUSE bug 1176934 SUSE bug 1179382 SUSE bug 1188891 CVE-2020-12400 at SUSE CVE-2020-12400 at NVD CVE-2020-12401 at SUSE CVE-2020-12401 at NVD CVE-2020-12403 at SUSE CVE-2020-12403 at NVD CVE-2020-25648 at SUSE CVE-2020-25648 at NVD CVE-2020-6829 at SUSE CVE-2020-6829 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685). Moderate SUSE bug 1171685 CVE-2020-12825 at SUSE CVE-2020-12825 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - Upstream bug fixes (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1189632 CVE-2021-28701 at SUSE CVE-2021-28701 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 Realtime kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as 'full' (git-fixes). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - Move upstreamed BT fixes into sorted section - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - README: Modernize build instructions. - Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes). - Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes). - Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes). - Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes). - Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: don't force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes) - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - virt_wifi: fix error on connect (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1040364 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1167032 SUSE bug 1168202 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184114 SUSE bug 1184180 SUSE bug 1185675 SUSE bug 1185902 SUSE bug 1186264 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187619 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188418 SUSE bug 1188439 SUSE bug 1188616 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189229 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189449 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189883 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190131 SUSE bug 1190181 CVE-2021-34556 at SUSE CVE-2021-34556 at NVD CVE-2021-35477 at SUSE CVE-2021-35477 at NVD CVE-2021-3640 at SUSE CVE-2021-3640 at NVD CVE-2021-3653 at SUSE CVE-2021-3653 at NVD CVE-2021-3656 at SUSE CVE-2021-3656 at NVD CVE-2021-3679 at SUSE CVE-2021-3679 at NVD CVE-2021-3732 at SUSE CVE-2021-3732 at NVD CVE-2021-3739 at SUSE CVE-2021-3739 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-3753 at SUSE CVE-2021-3753 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-38160 at SUSE CVE-2021-38160 at NVD CVE-2021-38198 at SUSE CVE-2021-38198 at NVD CVE-2021-38204 at SUSE CVE-2021-38204 at NVD CVE-2021-38205 at SUSE CVE-2021-38205 at NVD CVE-2021-38207 at SUSE CVE-2021-38207 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). Moderate SUSE bug 1189060 CVE-2021-3622 at SUSE CVE-2021-3622 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). - ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). - Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543) - Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted - Fix breakage of swap over NFS (bsc#1188924). - Fix kabi of prepare_to_wait_exclusive() (bsc#1189575). - HID: i2c-hid: Fix Elan touchpad regression (git-fixes). - HID: input: do not report stylus battery state as 'full' (git-fixes). - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - Move upstreamed BT fixes into sorted section - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). - PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - README: Modernize build instructions. - Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes). - Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes). - Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes). - Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes). - Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481). - btrfs: add a comment explaining the data flush steps (bsc#1135481). - btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481). - btrfs: add flushing states for handling data reservations (bsc#1135481). - btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481). - btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481). - btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481). - btrfs: check tickets after waiting on ordered extents (bsc#1135481). - btrfs: do async reclaim for data reservations (bsc#1135481). - btrfs: don't force commit if we are data (bsc#1135481). - btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: fix possible infinite loop in data async reclaim (bsc#1135481). - btrfs: flush delayed refs when trying to reserve data space (bsc#1135481). - btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481). - btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove orig from shrink_delalloc (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: run delayed iputs before committing the transaction for data (bsc#1135481). - btrfs: serialize data reservations if we are flushing (bsc#1135481). - btrfs: shrink delalloc pages instead of full inodes (bsc#1135481). - btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481). - btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481). - btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481). - btrfs: use the same helper for data and metadata reservations (bsc#1135481). - btrfs: use ticketing for data space reservations (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181). - cgroup: verify that source is a string (bsc#1190131). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: kirkwood: Fix a clocking boot regression (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). - cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - cpuidle: cpuidle_state kABI fix (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/nouveau/disp: power down unused DP links during init (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm: Copy drm_wait_vblank to user before returning (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). - iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - intel_idle: Use ACPI _CST on server systems (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). - kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - mailbox: sti: quieten kernel-doc warnings (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - memcg: enable accounting for file lock caches (bsc#1190115). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). - misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: Properly convey driver version to firmware (git-fixes). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). - nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439). - overflow: Correct check_shl_overflow() comment (git-fixes). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - pinctrl: samsung: Fix pinctrl bank pin count (git-fixes). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes) - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm: Abolish image suffix (bsc#1189841). - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes) - sched/rt: Fix RT utilization tracking during policy change (git-fixes) - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). - scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). - scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). - slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). - ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes). - usb: dwc3: Add support for DWC_usb32 IP (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: Properly default unspecified speed (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). - usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - virt_wifi: fix error on connect (git-fixes). - virtio_pci: Support surprise removal of virtio pci device (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). - x86/kvm: fix vcpu-id indexed array sizes (git-fixes). - x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489). - xen/events: Fix race in set_evtchn_to_irq (git-fixes). - xprtrdma: Pad optimization, revisited (bsc#1189760). Important SUSE bug 1040364 SUSE bug 1127650 SUSE bug 1135481 SUSE bug 1152489 SUSE bug 1160010 SUSE bug 1167032 SUSE bug 1168202 SUSE bug 1174969 SUSE bug 1175052 SUSE bug 1175543 SUSE bug 1177399 SUSE bug 1180141 SUSE bug 1180347 SUSE bug 1181148 SUSE bug 1181972 SUSE bug 1184114 SUSE bug 1184180 SUSE bug 1185675 SUSE bug 1185902 SUSE bug 1186264 SUSE bug 1186731 SUSE bug 1187211 SUSE bug 1187455 SUSE bug 1187468 SUSE bug 1187619 SUSE bug 1188067 SUSE bug 1188172 SUSE bug 1188418 SUSE bug 1188439 SUSE bug 1188616 SUSE bug 1188780 SUSE bug 1188781 SUSE bug 1188782 SUSE bug 1188783 SUSE bug 1188784 SUSE bug 1188786 SUSE bug 1188787 SUSE bug 1188788 SUSE bug 1188790 SUSE bug 1188878 SUSE bug 1188885 SUSE bug 1188924 SUSE bug 1188982 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189021 SUSE bug 1189057 SUSE bug 1189077 SUSE bug 1189153 SUSE bug 1189197 SUSE bug 1189209 SUSE bug 1189210 SUSE bug 1189212 SUSE bug 1189213 SUSE bug 1189214 SUSE bug 1189215 SUSE bug 1189216 SUSE bug 1189217 SUSE bug 1189218 SUSE bug 1189219 SUSE bug 1189220 SUSE bug 1189221 SUSE bug 1189222 SUSE bug 1189229 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189292 SUSE bug 1189298 SUSE bug 1189301 SUSE bug 1189305 SUSE bug 1189323 SUSE bug 1189384 SUSE bug 1189385 SUSE bug 1189392 SUSE bug 1189399 SUSE bug 1189400 SUSE bug 1189427 SUSE bug 1189449 SUSE bug 1189503 SUSE bug 1189504 SUSE bug 1189505 SUSE bug 1189506 SUSE bug 1189507 SUSE bug 1189562 SUSE bug 1189563 SUSE bug 1189564 SUSE bug 1189565 SUSE bug 1189566 SUSE bug 1189567 SUSE bug 1189568 SUSE bug 1189569 SUSE bug 1189573 SUSE bug 1189574 SUSE bug 1189575 SUSE bug 1189576 SUSE bug 1189577 SUSE bug 1189579 SUSE bug 1189581 SUSE bug 1189582 SUSE bug 1189583 SUSE bug 1189585 SUSE bug 1189586 SUSE bug 1189587 SUSE bug 1189706 SUSE bug 1189760 SUSE bug 1189832 SUSE bug 1189841 SUSE bug 1189870 SUSE bug 1189883 SUSE bug 1190025 SUSE bug 1190115 SUSE bug 1190117 SUSE bug 1190131 SUSE bug 1190181 CVE-2021-34556 at SUSE CVE-2021-34556 at NVD CVE-2021-35477 at SUSE CVE-2021-35477 at NVD CVE-2021-3640 at SUSE CVE-2021-3640 at NVD CVE-2021-3653 at SUSE CVE-2021-3653 at NVD CVE-2021-3656 at SUSE CVE-2021-3656 at NVD CVE-2021-3679 at SUSE CVE-2021-3679 at NVD CVE-2021-3732 at SUSE CVE-2021-3732 at NVD CVE-2021-3739 at SUSE CVE-2021-3739 at NVD CVE-2021-3743 at SUSE CVE-2021-3743 at NVD CVE-2021-3753 at SUSE CVE-2021-3753 at NVD CVE-2021-3759 at SUSE CVE-2021-3759 at NVD CVE-2021-38160 at SUSE CVE-2021-38160 at NVD CVE-2021-38198 at SUSE CVE-2021-38198 at NVD CVE-2021-38204 at SUSE CVE-2021-38204 at NVD CVE-2021-38205 at SUSE CVE-2021-38205 at NVD CVE-2021-38207 at SUSE CVE-2021-38207 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). Moderate SUSE bug 1190373 SUSE bug 1190374 CVE-2021-22946 at SUSE CVE-2021-22946 at NVD CVE-2021-22947 at SUSE CVE-2021-22947 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1173746 SUSE bug 1176940 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187167 SUSE bug 1188067 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191240 SUSE bug 1191292 CVE-2020-3702 at SUSE CVE-2020-3702 at NVD CVE-2021-3669 at SUSE CVE-2021-3669 at NVD CVE-2021-3744 at SUSE CVE-2021-3744 at NVD CVE-2021-3752 at SUSE CVE-2021-3752 at NVD CVE-2021-3764 at SUSE CVE-2021-3764 at NVD CVE-2021-40490 at SUSE CVE-2021-40490 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) Moderate SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 at SUSE CVE-2021-33574 at NVD CVE-2021-35942 at SUSE CVE-2021-35942 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) Important SUSE bug 1179416 SUSE bug 1183543 SUSE bug 1183545 SUSE bug 1183632 SUSE bug 1183659 SUSE bug 1185299 SUSE bug 1187670 SUSE bug 1188548 CVE-2021-20266 at SUSE CVE-2021-20266 at NVD CVE-2021-20271 at SUSE CVE-2021-20271 at NVD CVE-2021-3421 at SUSE CVE-2021-3421 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). Important SUSE bug 1065729 SUSE bug 1148868 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1159886 SUSE bug 1167773 SUSE bug 1170774 SUSE bug 1173746 SUSE bug 1176940 SUSE bug 1184439 SUSE bug 1184804 SUSE bug 1185302 SUSE bug 1185677 SUSE bug 1185726 SUSE bug 1185762 SUSE bug 1187167 SUSE bug 1188067 SUSE bug 1188651 SUSE bug 1188986 SUSE bug 1189297 SUSE bug 1189841 SUSE bug 1189884 SUSE bug 1190023 SUSE bug 1190062 SUSE bug 1190115 SUSE bug 1190159 SUSE bug 1190358 SUSE bug 1190406 SUSE bug 1190432 SUSE bug 1190467 SUSE bug 1190523 SUSE bug 1190534 SUSE bug 1190543 SUSE bug 1190576 SUSE bug 1190595 SUSE bug 1190596 SUSE bug 1190598 SUSE bug 1190620 SUSE bug 1190626 SUSE bug 1190679 SUSE bug 1190705 SUSE bug 1190717 SUSE bug 1190746 SUSE bug 1190758 SUSE bug 1190784 SUSE bug 1190785 SUSE bug 1191172 SUSE bug 1191193 SUSE bug 1191240 SUSE bug 1191292 CVE-2020-3702 at SUSE CVE-2020-3702 at NVD CVE-2021-3669 at SUSE CVE-2021-3669 at NVD CVE-2021-3744 at SUSE CVE-2021-3744 at NVD CVE-2021-3752 at SUSE CVE-2021-3752 at NVD CVE-2021-3764 at SUSE CVE-2021-3764 at NVD CVE-2021-40490 at SUSE CVE-2021-40490 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). Moderate SUSE bug 1189929 CVE-2021-37750 at SUSE CVE-2021-37750 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) Moderate SUSE bug 1190793 CVE-2021-39537 at SUSE CVE-2021-39537 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd, docker, runc fixes the following issues: Docker was updated to 20.10.9-ce. (bsc#1191355) See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103 container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355 - CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282) - Install systemd service file as well (bsc#1190826) Update to runc v1.0.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.2 * Fixed a failure to set CPU quota period in some cases on cgroup v1. * Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped. * Made release builds reproducible from now on. * Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec. * Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working. Update to runc v1.0.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.1 * Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume. * Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters. * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes). * cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely. * cgroup/systemd/v2: don't freeze cgroup on Set. * cgroup/systemd/v1: avoid unnecessary freeze on Set. - fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704 Update to runc v1.0.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0 ! The usage of relative paths for mountpoints will now produce a warning (such configurations are outside of the spec, and in future runc will produce an error when given such configurations). * cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers). * cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way. * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures. * cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen. * cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94 * cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94) + cgroupv2: support SkipDevices with systemd driver + cgroup/systemd: return, not ignore, stop unit error from Destroy + Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts. + cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update). + cgroup1: blkio: support BFQ weights. + cgroupv2: set per-device io weights if BFQ IO scheduler is available. Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95 This release of runc contains a fix for CVE-2021-30465, and users are strongly recommended to update (especially if you are providing semi-limited access to spawn containers to untrusted users). (bsc#1185405) Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94 Breaking Changes: * cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls. Regression Fixes: * seccomp: fix 32-bit compilation errors * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code * runc start: fix 'chdir to cwd: permission denied' for some setups Important SUSE bug 1102408 SUSE bug 1185405 SUSE bug 1187704 SUSE bug 1188282 SUSE bug 1190826 SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191355 SUSE bug 1191434 CVE-2021-30465 at SUSE CVE-2021-30465 at NVD CVE-2021-32760 at SUSE CVE-2021-32760 at NVD CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) Moderate SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1178236 SUSE bug 1188921 CVE-2021-37600 at SUSE CVE-2021-37600 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) Moderate SUSE bug 1172973 SUSE bug 1172974 CVE-2019-20838 at SUSE CVE-2019-20838 at NVD CVE-2020-14155 at SUSE CVE-2020-14155 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709) - CVE-2020-14312: Set --local-service by default (bsc#1173646). - Open inotify socket only when used (bsc#1180914). Moderate SUSE bug 1173646 SUSE bug 1180914 SUSE bug 1183709 CVE-2020-14312 at SUSE CVE-2020-14312 at NVD CVE-2021-3448 at SUSE CVE-2021-3448 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265, CVE-2021-21996) Moderate SUSE bug 1190265 CVE-2021-21996 at SUSE CVE-2021-21996 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libvirt fixes the following issues: - CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. (bsc#1188843) Moderate SUSE bug 1177902 SUSE bug 1186398 SUSE bug 1188232 SUSE bug 1188843 SUSE bug 1190420 SUSE bug 1190693 SUSE bug 1190695 CVE-2021-3667 at SUSE CVE-2021-3667 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) Important SUSE bug 1189234 SUSE bug 1189702 SUSE bug 1189938 SUSE bug 1190425 CVE-2021-3713 at SUSE CVE-2021-3713 at NVD CVE-2021-3748 at SUSE CVE-2021-3748 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 Real Time kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: fix gve_get_stats() (git-fixes). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176940 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192107 SUSE bug 1192145 CVE-2021-3542 at SUSE CVE-2021-3542 at NVD CVE-2021-3655 at SUSE CVE-2021-3655 at NVD CVE-2021-3715 at SUSE CVE-2021-3715 at NVD CVE-2021-3760 at SUSE CVE-2021-3760 at NVD CVE-2021-3772 at SUSE CVE-2021-3772 at NVD CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-41864 at SUSE CVE-2021-41864 at NVD CVE-2021-42008 at SUSE CVE-2021-42008 at NVD CVE-2021-42252 at SUSE CVE-2021-42252 at NVD CVE-2021-42739 at SUSE CVE-2021-42739 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: fix gve_get_stats() (git-fixes). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Important SUSE bug 1065729 SUSE bug 1085030 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1156395 SUSE bug 1157177 SUSE bug 1167773 SUSE bug 1172073 SUSE bug 1173604 SUSE bug 1176940 SUSE bug 1184673 SUSE bug 1185762 SUSE bug 1186063 SUSE bug 1187167 SUSE bug 1188563 SUSE bug 1189841 SUSE bug 1190006 SUSE bug 1190067 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190479 SUSE bug 1190620 SUSE bug 1190642 SUSE bug 1190795 SUSE bug 1190941 SUSE bug 1191229 SUSE bug 1191241 SUSE bug 1191315 SUSE bug 1191317 SUSE bug 1191349 SUSE bug 1191384 SUSE bug 1191449 SUSE bug 1191450 SUSE bug 1191451 SUSE bug 1191452 SUSE bug 1191455 SUSE bug 1191456 SUSE bug 1191628 SUSE bug 1191731 SUSE bug 1191800 SUSE bug 1191934 SUSE bug 1191958 SUSE bug 1192040 SUSE bug 1192041 SUSE bug 1192107 SUSE bug 1192145 SUSE bug 1192267 SUSE bug 1192549 CVE-2021-3542 at SUSE CVE-2021-3542 at NVD CVE-2021-3655 at SUSE CVE-2021-3655 at NVD CVE-2021-3715 at SUSE CVE-2021-3715 at NVD CVE-2021-3760 at SUSE CVE-2021-3760 at NVD CVE-2021-3772 at SUSE CVE-2021-3772 at NVD CVE-2021-3896 at SUSE CVE-2021-3896 at NVD CVE-2021-41864 at SUSE CVE-2021-41864 at NVD CVE-2021-42008 at SUSE CVE-2021-42008 at NVD CVE-2021-42252 at SUSE CVE-2021-42252 at NVD CVE-2021-42739 at SUSE CVE-2021-42739 at NVD CVE-2021-43056 at SUSE CVE-2021-43056 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) Moderate SUSE bug 1027496 SUSE bug 1183085 CVE-2016-10228 at SUSE CVE-2016-10228 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2021-31799 at SUSE CVE-2021-31799 at NVD CVE-2021-31810 at SUSE CVE-2021-31810 at NVD CVE-2021-32066 at SUSE CVE-2021-32066 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.13.4 bug fix release (bsc#1027519). Moderate SUSE bug 1027519 SUSE bug 1191363 SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28702 at SUSE CVE-2021-28702 at NVD CVE-2021-28704 at SUSE CVE-2021-28704 at NVD CVE-2021-28705 at SUSE CVE-2021-28705 at NVD CVE-2021-28706 at SUSE CVE-2021-28706 at NVD CVE-2021-28707 at SUSE CVE-2021-28707 at NVD CVE-2021-28708 at SUSE CVE-2021-28708 at NVD CVE-2021-28709 at SUSE CVE-2021-28709 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) Moderate SUSE bug 1162581 SUSE bug 1174504 SUSE bug 1191563 SUSE bug 1192248 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config() (git-fixes). - usb: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - usb: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). Important SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152489 SUSE bug 1169263 SUSE bug 1170269 SUSE bug 1188601 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191851 SUSE bug 1191958 SUSE bug 1191961 SUSE bug 1191980 SUSE bug 1192045 SUSE bug 1192229 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 CVE-2021-0941 at SUSE CVE-2021-0941 at NVD CVE-2021-20322 at SUSE CVE-2021-20322 at NVD CVE-2021-31916 at SUSE CVE-2021-31916 at NVD CVE-2021-34981 at SUSE CVE-2021-34981 at NVD CVE-2021-37159 at SUSE CVE-2021-37159 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 at SUSE CVE-2021-43527 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 at SUSE CVE-2020-13645 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). Important SUSE bug 1185768 CVE-2021-42771 at SUSE CVE-2021-42771 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). Moderate SUSE bug 1192717 CVE-2021-43618 at SUSE CVE-2021-43618 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2020-27820: Fixed a use-after-free in nouveau's postclose() handler that could have happened during device or driver removal (bnc#1179599). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - elfcore: fix building with clang (bsc#1169514). - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Track RX buffer allocation failures (bsc#1176940). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config() (git-fixes). - usb: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usb: serial: keyspan: fix memleak on probe errors (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). Important SUSE bug 1094840 SUSE bug 1133021 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1169263 SUSE bug 1169514 SUSE bug 1170269 SUSE bug 1176940 SUSE bug 1179599 SUSE bug 1188601 SUSE bug 1190523 SUSE bug 1190795 SUSE bug 1191790 SUSE bug 1191851 SUSE bug 1191958 SUSE bug 1191961 SUSE bug 1191980 SUSE bug 1192045 SUSE bug 1192229 SUSE bug 1192273 SUSE bug 1192328 SUSE bug 1192718 SUSE bug 1192740 SUSE bug 1192745 SUSE bug 1192750 SUSE bug 1192753 SUSE bug 1192781 SUSE bug 1192802 SUSE bug 1192896 SUSE bug 1192906 SUSE bug 1192918 SUSE bug 1192987 SUSE bug 1192998 SUSE bug 1193002 CVE-2020-27820 at SUSE CVE-2020-27820 at NVD CVE-2021-0941 at SUSE CVE-2021-0941 at NVD CVE-2021-20322 at SUSE CVE-2021-20322 at NVD CVE-2021-31916 at SUSE CVE-2021-31916 at NVD CVE-2021-34981 at SUSE CVE-2021-34981 at NVD CVE-2021-37159 at SUSE CVE-2021-37159 at NVD CVE-2021-43389 at SUSE CVE-2021-43389 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). Moderate SUSE bug 1180125 SUSE bug 1183374 SUSE bug 1183858 SUSE bug 1185588 SUSE bug 1187338 SUSE bug 1187668 SUSE bug 1189241 SUSE bug 1189287 CVE-2021-3426 at SUSE CVE-2021-3426 at NVD CVE-2021-3733 at SUSE CVE-2021-3733 at NVD CVE-2021-3737 at SUSE CVE-2021-3737 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). Important SUSE bug 1180064 SUSE bug 1187993 CVE-2020-29361 at SUSE CVE-2020-29361 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). Moderate SUSE bug 1193436 CVE-2021-43784 at SUSE CVE-2021-43784 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) Moderate SUSE bug 1174504 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for kernel-firmware fixes the following issues: - CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug (bsc#1167162). Low SUSE bug 1167162 CVE-2019-15126 at SUSE CVE-2019-15126 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735). - CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ). - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738). - CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428). The following non-security bugs were fixed: - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes). - ACPI: property: Fix fwnode string properties matching (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes). - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes). - ALSA: hda: Add another CometLake-H PCI ID (git-fixes). - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes). - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes). - ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes). - ALSA: pcm: Call sync_stop at disconnection (git-fixes). - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes). - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes). - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes). - ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes). - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes). - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes). - ALSA: usb-audio: More strict state change in EP (git-fixes). - amba: Fix resource leak for drivers without .remove (git-fixes). - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560) - ASoC: cpcap: fix microphone timeslot mask (git-fixes). - ASoC: cs42l56: fix up error handling in probe (git-fixes). - ASoC: simple-card-utils: Fix device module clock (git-fixes). - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes). - ata: ahci_brcm: Add back regulators management (git-fixes). - ata: sata_nv: Fix retrieving of active qcs (git-fixes). - ath10k: Fix error handling in case of CE pipe init failure (git-fixes). - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes). - bcache: fix overflow in offset_to_stripe() (git-fixes). - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442). - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443). - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444). - block: fix inflight statistics of part0 (bsc#1182445). - block: respect queue limit of max discard segment (bsc#1182441). - block: virtio_blk: fix handling single range discard request (bsc#1182439). - Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes). - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes). - Bluetooth: drop HCI device reference before return (git-fixes). - Bluetooth: Fix initializing response id after clearing struct (git-fixes). - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes). - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes). - bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). - bnxt_en: fix error return code in bnxt_init_board() (git-fixes). - bnxt_en: fix error return code in bnxt_init_one() (git-fixes). - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes). - bnxt_en: read EEPROM A2h address using page 0 (git-fixes). - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes). - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes). - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes). - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes). - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). - bpf, cgroup: Fix problematic bounds check (bsc#1155518). - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626). - btrfs: Cleanup try_flush_qgroup (bsc#1182047). - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574). - btrfs: fix race between RO remount and the cleaner task (bsc#1182626). - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626). - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626). - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: lift read-write mount setup from mount and remount (bsc#1182626). - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626). - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047). - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047). - caif: no need to check return value of debugfs_create functions (git-fixes). - ceph: fix flush_snap logic after putting caps (bsc#1182854). - cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683). - cgroup: fix psi monitor for root cgroup (bsc#1182686). - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684). - chelsio/chtls: correct function return and return type (git-fixes). - chelsio/chtls: correct netdevice for vlan interface (git-fixes). - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes). - chelsio/chtls: fix always leaking ctrl_skb (git-fixes). - chelsio/chtls: fix deadlock issue (git-fixes). - chelsio/chtls: fix memory leaks caused by a race (git-fixes). - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes). - chelsio/chtls: fix panic during unload reload chtls (git-fixes). - chelsio/chtls: fix socket lock (git-fixes). - chelsio/chtls: fix tls record info to user (git-fixes). - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268). - chtls: Added a check to avoid NULL pointer dereference (git-fixes). - chtls: Fix chtls resources release sequence (git-fixes). - chtls: Fix hardware tid leak (git-fixes). - chtls: Fix panic when route to peer not configured (git-fixes). - chtls: Remove invalid set_tcb call (git-fixes). - chtls: Replace skb_dequeue with skb_peek (git-fixes). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: fix nodfs mount option (bsc#1181710). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes). - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes). - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes). - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes). - clk: sunxi-ng: h6: Fix CEC clock (git-fixes). - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes). - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes). - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes). - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes). - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676). - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes). - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes). - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes). - cxgb4: fix all-mask IP address comparison (git-fixes). - cxgb4: fix checks for max queues to allocate (git-fixes). - cxgb4: fix endian conversions for L4 ports in filters (git-fixes). - cxgb4: fix set but unused variable when DCB is disabled (git-fixes). - cxgb4: fix SGE queue dump destination buffer context (git-fixes). - cxgb4: fix the panic caused by non smac rewrite (git-fixes). - cxgb4: move DCB version extern to header file (git-fixes). - cxgb4: move handling L2T ARP failures to caller (git-fixes). - cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes). - cxgb4: parse TC-U32 key values and masks natively (git-fixes). - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes). - cxgb4: set up filter action after rewrites (git-fixes). - cxgb4: use correct type for all-mask IP address comparison (git-fixes). - cxgb4: use unaligned conversion for fetching timestamp (git-fixes). - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes). - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes). - dmaengine: hsu: disable spurious interrupt (git-fixes). - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes). - dm crypt: avoid truncating the logical block size (git-fixes). - dm: fix bio splitting and its bio completion order for regular IO (git-fixes). - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529). - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529). - dm thin metadata: fix lockdep complaint (bsc#1177529). - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529). - dm: use noio when sending kobject event (bsc#1177529). - docs: filesystems: vfs: correct flag name (bsc#1182856). - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes). - drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes). - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes). - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes). - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes). - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes). - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes). - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes). - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes). - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes). - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes). - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes). - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes). - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes). - drm/gma500: Fix error return code in psb_driver_load() (git-fixes). - drm/meson: Unbind all connectors on module removal (bsc#1152472) - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472) - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472) - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472) - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472) - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489) - Drop HID logitech patch that caused a regression (bsc#1182259) - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). - exfat: Avoid allocating upcase table using kcalloc() (git-fixes). - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464). - ext4: fix a memory leak of ext4_free_data (bsc#1182447). - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449). - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463). - ext4: fix superblock checksum failure when setting password salt (bsc#1182465). - ext4: prevent creating duplicate encrypted filenames (bsc#1182446). - fgraph: Initialize tracing_graph_pause at task creation (git-fixes). - firmware_loader: align .builtin_fw to 8 (git-fixes). - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446). - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446). - fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466). - gma500: clean up error handling in init (git-fixes). - gpio: pcf857x: Fix missing first interrupt (git-fixes). - HID: core: detect and skip invalid inputs to snto32() (git-fixes). - HID: make arrays usage and value to be the same (git-fixes). - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes). - hwrng: timeriomem - Fix cooldown period calculation (git-fixes). - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes). - i2c: iproc: handle only slave interrupts which are enabled (git-fixes). - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes). - i2c: stm32f7: fix configuration of the digital filter (git-fixes). - i3c: master: dw: Drop redundant disec call (git-fixes). - i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025). - i40e: avoid premature Rx buffer reuse (git-fixes). - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes). - i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025). - iavf: fix double-release of rtnl_lock (git-fixes). - iavf: fix error return code in iavf_init_get_resources() (git-fixes). - iavf: fix speed reporting over virtchnl (git-fixes). - iavf: Fix updating statistics (git-fixes). - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591). - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591). - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: device remove has higher precedence over reset (bsc#1065729). - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591). - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631). - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960). - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: serialize access to work queue on remove (bsc#1065729). - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes). - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591). - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290). - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290). - ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926). - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926). - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes). - igc: fix link speed advertising (git-fixes). - igc: Fix returning wrong statistics (git-fixes). - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes). - igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes). - include/linux/memremap.h: remove stale comments (git-fixes). - Input: elo - fix an error code in elo_connect() (git-fixes). - Input: i8042 - unbreak Pegatron C15B (git-fixes). - Input: joydev - prevent potential read overflow in ioctl (git-fixes). - Input: sur40 - fix an error code in sur40_probe() (git-fixes). - Input: xpad - sync supported devices with fork on GitHub (git-fixes). - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes). - iwlwifi: mvm: guard against device removal in reprobe (git-fixes). - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes). - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes). - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes). - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes). - iwlwifi: pcie: fix context info memory leak (git-fixes). - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes). - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes). - ixgbe: avoid premature Rx buffer reuse (git-fixes). - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes). - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995). - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191). - kABI: repair, after 'nVMX: Emulate MTF when performinginstruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine. - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).') - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: add more data to CSD lock debugging (bsc#1180846). - kernel/smp: prepare more CSD lock debugging (bsc#1180846). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818). - KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818). - KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489). - KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380). - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380). - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995). - KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770). - KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798). - KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800). - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490). - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381). - KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374). - KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801). - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995). - KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406). - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442). - lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599). - linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes). - mac80211: 160MHz with extended NSS BW in CSA (git-fixes). - mac80211: fix fast-rx encryption check (git-fixes). - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes). - mac80211: pause TX while changing interface type (git-fixes). - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost. - MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290). - matroxfb: avoid -Warray-bounds warning (bsc#1152472) - media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes). - media: camss: missing error code in msm_video_register() (git-fixes). - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes). - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes). - media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes). - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes). - media: lmedm04: Fix misuse of comma (git-fixes). - media: media/pci: Fix memleak in empress_init (git-fixes). - media: mt9v111: Remove unneeded device-managed puts (git-fixes). - media: pwc: Use correct device for DMA (bsc#1181133). - media: pxa_camera: declare variable when DEBUG is defined (git-fixes). - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes). - media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes). - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes). - media: vsp1: Fix an error handling path in the probe function (git-fixes). - mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes). - memory: ti-aemif: Drop child node when jumping out loop (git-fixes). - mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes). - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes). - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes). - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes). - mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes). - mlxsw: core: Fix memory leak on module removal (git-fixes). - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes). - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes). - mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes). - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes). - mlxsw: core: Use variable timeout for EMAD retries (git-fixes). - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes). - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes). - mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes). - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes). - mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes). - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes). - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273). - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes). - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273). - mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes). - net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes). - net: axienet: Fix error return code in axienet_probe() (git-fixes). - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes). - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes). - net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes). - net: bcmgenet: set Rx mode before starting netif (git-fixes). - net: bcmgenet: use hardware padding of runt frames (git-fixes). - net: broadcom CNIC: requires MMU (git-fixes). - net: caif: Fix debugfs on 64-bit platforms (git-fixes). - net/cxgb4: Check the return from t4_query_params properly (git-fixes). - net: cxgb4: fix return error value in t4_prep_fw (git-fixes). - net: dsa: bcm_sf2: Fix overflow checks (git-fixes). - net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes). - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes). - net: dsa: mt7530: set CPU port to fallback mode (git-fixes). - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes). - net: ethernet: ave: Fix error returns in ave_init (git-fixes). - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes). - net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes). - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes). - net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes). - net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes). - net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes). - net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353). - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes). - net: hns3: add a missing uninit debugfs when unload driver (git-fixes). - net: hns3: add reset check for VF updating port based VLAN (git-fixes). - net: hns3: clear port base VLAN when unload PF (git-fixes). - net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes). - net: hns3: fix a TX timeout issue (git-fixes). - net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes). - net: hns3: fix for mishandle of asserting VF reset fail (git-fixes). - net: hns3: fix for VLAN config when reset failed (git-fixes). - net: hns3: fix RSS config lost after VF reset (git-fixes). - net: hns3: fix set and get link ksettings issue (git-fixes). - net: hns3: fix 'tc qdisc del' failed issue (git-fixes). - net: hns3: fix the number of queues actually used by ARQ (git-fixes). - net: hns3: fix use-after-free when doing self test (git-fixes). - net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes). - net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes). - net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes). - net: macb: mark device wake capable when 'magic-packet' property present (git-fixes). - net/mlx4_core: fix a memory leak bug (git-fixes). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - net/mlx5: Add handling of port type in rule deletion (git-fixes). - net/mlx5: Annotate mutex destroy for root ns (git-fixes). - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes). - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes). - net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes). - net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes). - net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes). - net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes). - net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes). - net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes). - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464). - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes). - net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: Fix error path of device attach (git-fixes). - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes). - net/mlx5e: Fix two double free cases (git-fixes). - net/mlx5e: Fix VLAN cleanup flow (git-fixes). - net/mlx5e: Fix VLAN create flow (git-fixes). - net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes). - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes). - net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes). - net/mlx5e: Reduce tc unsupported key print level (git-fixes). - net/mlx5e: Rename hw_modify to preactivate (git-fixes). - net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes). - net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes). - net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes). - net/mlx5e: Use preactivate hook to set the indirection table (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes). - net/mlx5: Fix deletion of duplicate rules (git-fixes). - net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes). - net/mlx5: Fix memory leak on flow table creation error flow (git-fixes). - net/mlx5: Fix request_irqs error flow (git-fixes). - net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes). - net/mlx5: Query PPS pin operational status before registering it (git-fixes). - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes). - net: moxa: Fix a potential double 'free_irq()' (git-fixes). - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes). - net: mscc: ocelot: fix address ageing time (again) (git-fixes). - net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes). - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes). - net: mvpp2: disable force link UP during port init procedure (git-fixes). - net: mvpp2: Fix error return code in mvpp2_open() (git-fixes). - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes). - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes). - net: mvpp2: Remove Pause and Asym_Pause support (git-fixes). - net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes). - net: netsec: Correct dma sync for XDP_TX frames (git-fixes). - net: nixge: fix potential memory leak in nixge_probe() (git-fixes). - net: octeon: mgmt: Repair filling of RX ring (git-fixes). - net: phy: at803x: use operating parameters from PHY-specific status (git-fixes). - net: phy: extract link partner advertisement reading (git-fixes). - net: phy: extract pause mode (git-fixes). - net: phy: marvell10g: fix null pointer dereference (git-fixes). - net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes). - net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes). - net: qca_spi: fix receive buffer size check (git-fixes). - net: qca_spi: Move reset_count to struct qcaspi (git-fixes). - net: qede: fix PTP initialization on recovery (git-fixes). - net: qede: fix use-after-free on recovery and AER handling (git-fixes). - net: qede: stop adding events on an already destroyed workqueue (git-fixes). - net: qed: fix async event callbacks unregistering (git-fixes). - net: qed: fix excessive QM ILT lines consumption (git-fixes). - net: qed: fix 'maybe uninitialized' warning (git-fixes). - net: qed: fix NVMe login fails over VFs (git-fixes). - net: qed: RDMA personality shouldn't fail VF load (git-fixes). - net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293). - net: rmnet: do not allow to add multiple bridge interfaces (git-fixes). - net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes). - net: rmnet: fix bridge mode bugs (git-fixes). - net: rmnet: fix lower interface leak (git-fixes). - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes). - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes). - net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes). - net: rmnet: fix suspicious RCU usage (git-fixes). - net: rmnet: print error message when command fails (git-fixes). - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes). - net: rmnet: use upper/lower device infrastructure (git-fixes). - net, sctp, filter: remap copy_from_user failure error (bsc#1181637). - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes). - net/sonic: Add mutual exclusion for accessing shared state (git-fixes). - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes). - net: stmmac: Always arm TX Timer at end of transmission start (git-fixes). - net: stmmac: Do not accept invalid MTU values (git-fixes). - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: Enable 16KB buffer size (git-fixes). - net: stmmac: fix disabling flexible PPS output (git-fixes). - net: stmmac: fix length of PTP clock's name string (git-fixes). - net: stmmac: Fix the TX IOC in xmit path (git-fixes). - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes). - net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes). - net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes). - net: stmmac: xgmac: Clear previous RX buffer size (git-fixes). - net: sun: fix missing release regions in cas_init_one() (git-fixes). - net: team: fix memory leak in __team_options_register (git-fixes). - net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes). - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes). - net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes). - nvme-hwmon: rework to avoid devm allocation (bsc#1177326). - nvme-multipath: Early exit if no path is available (bsc#1180964). - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137). - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547). - objtool: Do not fail on missing symbol table (bsc#1169514). - perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989). - perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989). - perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989). - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989). - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989). - phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes). - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes). - platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes). - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes). - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345). - powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395). - powerpc: Fix alignment bug within the init sections (bsc#1065729). - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395). - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159). - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159). - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159). - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes). - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530). - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159). - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159). - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159). - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159). - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159). - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159). - powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159). - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159). - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159). - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729). - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624). - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080). - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080). - powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395). - powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395). - powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395). - powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924). - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074). - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855). - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900). - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159). - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159). - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes). - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159). - powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159). - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159). - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159). - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159). - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159). - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159). - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159). - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159). - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159). - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159). - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159). - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes). - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530). - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530). - qed: fix error return code in qed_iwarp_ll2_start() (git-fixes). - qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes). - qed: Populate nvm-file attributes while reading nvm config partition (git-fixes). - qed: select CONFIG_CRC32 (git-fixes). - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes). - quota: Fix memory leak when handling corrupted quota file (bsc#1182650). - quota: Sanity-check quota file headers on load (bsc#1182461). - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes). - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes). - rcu/nocb: Perform deferred wake up before last idle's (git-fixes) - rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes) - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes) - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248). - RDMA/efa: Count admin commands errors (bsc#1176248). - RDMA/efa: Count mmap failures (bsc#1176248). - RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248). - RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248). - RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248). - RDMA/efa: Expose minimum SQ size (bsc#1176248). - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248). - RDMA/efa: Properly document the interrupt mask register (bsc#1176248). - RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248). - RDMA/efa: Report create CQ error counter (bsc#1176248). - RDMA/efa: Report host information to the device (bsc#1176248). - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248). - RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248). - RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248). - RDMA/efa: Use the correct current and new states in modify QP (git-fixes). - regulator: axp20x: Fix reference cout leak (git-fixes). - regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes). - regulator: core: avoid regulator_resolve_supply() race condition (git-fixes). - regulator: Fix lockdep warning resolving supplies (git-fixes). - regulator: s5m8767: Drop regulators OF node reference (git-fixes). - regulator: s5m8767: Fix reference count leak (git-fixes). - reiserfs: add check for an invalid ih_entry_count (bsc#1182462). - reset: hisilicon: correct vendor prefix (git-fixes). - Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290). - Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes). - Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes). - Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058) - rtc: s5m: select REGMAP_I2C (git-fixes). - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9). - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes). - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes). - sched: Reenable interrupts in do_sched_yield() (git-fixes) - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958). - sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes). - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes). - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes). - smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes). - smsc95xx: check return value of smsc95xx_reset (git-fixes). - soc: aspeed: snoop: Add clock control logic (git-fixes). - spi: atmel: Put allocated master before return (git-fixes). - spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes). - spi: spi-synquacer: fix set_cs handling (git-fixes). - spi: stm32: properly handle 0 byte transfer (git-fixes). - squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266). - squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267). - squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268). - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes). - target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109). - team: set dev->needed_headroom in team_setup_by_port() (git-fixes). - tpm: Remove tpm_dev_wq_lock (git-fixes). - tpm_tis: Clean up locality release (git-fixes). - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes). - tracing: Check length before giving out the filter buffer (git-fixes). - tracing: Do not count ftrace events in top level enable output (git-fixes). - tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes). - tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes). - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes). - ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459). - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454). - ubifs: prevent creating duplicate encrypted filenames (bsc#1182457). - ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456). - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455). - ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: Set ledtrig-default-on as builtin (bsc#1182128) - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes). - USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes). - USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes). - USB: dwc3: fix clock issue during resume in OTG mode (git-fixes). - USB: gadget: legacy: fix an error code in eth_bind() (git-fixes). - USB: gadget: u_audio: Free requests only after callback (git-fixes). - USB: mUSB: Fix runtime PM race in musb_queue_resume_work (git-fixes). - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes). - USB: quirks: sort quirk entries (git-fixes). - USB: renesas_usbhs: Clear pipe running flag in USBhs_pkt_pop() (git-fixes). - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes). - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes). - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes). - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes). - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes). - USB: serial: option: Adding support for Cinterion MV31 (git-fixes). - USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes). - veth: Adjust hard_start offset on redirect XDP frames (git-fixes). - vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265). - virtio_net: Fix error code in probe() (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes). - virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes). - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671). - vxlan: fix memleak of fdb (git-fixes). - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes). - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460). - x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489). - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489). - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191). - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191). - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191). - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191). - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191). - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600). - xen/netback: fix spurious event detection for common event case (bsc#1182175). - xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272). - xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558). - xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276). - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430). - xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273). - xfs: ratelimit xfs_discard_page messages (bsc#1182283). - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561). - xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275). - xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278). - xfs: strengthen rmap record flags checking (git-fixes bsc#1182271). - xhci: fix bounce buffer usage for non-sg list case (git-fixes). The kernel-default-base packaging was changed: - Added squashfs for kiwi installiso support (bsc#1182341) - Added fuse (bsc#1182507) - Added modules which got lost when migrating away from supported.conf (bsc#1182110): * am53c974 had a typo * cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress - Also added vport-* modules for Open vSwitch Important SUSE bug 1065600 SUSE bug 1065729 SUSE bug 1078720 SUSE bug 1081134 SUSE bug 1084610 SUSE bug 1132477 SUSE bug 1151927 SUSE bug 1152472 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1155518 SUSE bug 1156395 SUSE bug 1163776 SUSE bug 1169514 SUSE bug 1170442 SUSE bug 1176248 SUSE bug 1176855 SUSE bug 1177109 SUSE bug 1177326 SUSE bug 1177440 SUSE bug 1177529 SUSE bug 1178142 SUSE bug 1178995 SUSE bug 1179082 SUSE bug 1179137 SUSE bug 1179243 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1179929 SUSE bug 1180058 SUSE bug 1180846 SUSE bug 1180964 SUSE bug 1180989 SUSE bug 1181133 SUSE bug 1181259 SUSE bug 1181544 SUSE bug 1181574 SUSE bug 1181637 SUSE bug 1181655 SUSE bug 1181671 SUSE bug 1181674 SUSE bug 1181710 SUSE bug 1181720 SUSE bug 1181735 SUSE bug 1181736 SUSE bug 1181738 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181818 SUSE bug 1181843 SUSE bug 1181854 SUSE bug 1181896 SUSE bug 1181958 SUSE bug 1181960 SUSE bug 1181985 SUSE bug 1182047 SUSE bug 1182110 SUSE bug 1182118 SUSE bug 1182128 SUSE bug 1182140 SUSE bug 1182171 SUSE bug 1182175 SUSE bug 1182259 SUSE bug 1182265 SUSE bug 1182266 SUSE bug 1182267 SUSE bug 1182268 SUSE bug 1182271 SUSE bug 1182272 SUSE bug 1182273 SUSE bug 1182275 SUSE bug 1182276 SUSE bug 1182278 SUSE bug 1182283 SUSE bug 1182341 SUSE bug 1182374 SUSE bug 1182380 SUSE bug 1182381 SUSE bug 1182406 SUSE bug 1182430 SUSE bug 1182439 SUSE bug 1182441 SUSE bug 1182442 SUSE bug 1182443 SUSE bug 1182444 SUSE bug 1182445 SUSE bug 1182446 SUSE bug 1182447 SUSE bug 1182449 SUSE bug 1182454 SUSE bug 1182455 SUSE bug 1182456 SUSE bug 1182457 SUSE bug 1182458 SUSE bug 1182459 SUSE bug 1182460 SUSE bug 1182461 SUSE bug 1182462 SUSE bug 1182463 SUSE bug 1182464 SUSE bug 1182465 SUSE bug 1182466 SUSE bug 1182485 SUSE bug 1182489 SUSE bug 1182490 SUSE bug 1182507 SUSE bug 1182547 SUSE bug 1182558 SUSE bug 1182560 SUSE bug 1182561 SUSE bug 1182571 SUSE bug 1182599 SUSE bug 1182602 SUSE bug 1182626 SUSE bug 1182650 SUSE bug 1182672 SUSE bug 1182676 SUSE bug 1182683 SUSE bug 1182684 SUSE bug 1182686 SUSE bug 1182770 SUSE bug 1182798 SUSE bug 1182800 SUSE bug 1182801 SUSE bug 1182854 SUSE bug 1182856 CVE-2020-12362 at SUSE CVE-2020-12362 at NVD CVE-2020-12363 at SUSE CVE-2020-12363 at NVD CVE-2020-12364 at SUSE CVE-2020-12364 at NVD CVE-2020-12373 at SUSE CVE-2020-12373 at NVD CVE-2020-29368 at SUSE CVE-2020-29368 at NVD CVE-2020-29374 at SUSE CVE-2020-29374 at NVD CVE-2021-26930 at SUSE CVE-2021-26930 at NVD CVE-2021-26931 at SUSE CVE-2021-26931 at NVD CVE-2021-26932 at SUSE CVE-2021-26932 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). Moderate SUSE bug 1182331 SUSE bug 1182333 SUSE bug 1182959 CVE-2021-23840 at SUSE CVE-2021-23840 at NVD CVE-2021-23841 at SUSE CVE-2021-23841 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 at SUSE CVE-2021-27218 at NVD CVE-2021-27219 at SUSE CVE-2021-27219 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) Important SUSE bug 1172442 SUSE bug 1181358 CVE-2020-11080 at SUSE CVE-2020-11080 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125). - Enable optimizations also on ARM64 (bsc#1177222) Important SUSE bug 1177125 SUSE bug 1177222 CVE-2020-25613 at SUSE CVE-2020-25613 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). Important SUSE bug 1183456 SUSE bug 1183457 CVE-2021-20231 at SUSE CVE-2021-20231 at NVD CVE-2021-20232 at SUSE CVE-2021-20232 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2021-23336 at SUSE CVE-2021-23336 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). Moderate SUSE bug 1183370 SUSE bug 1183371 CVE-2021-24031 at SUSE CVE-2021-24031 at NVD CVE-2021-24032 at SUSE CVE-2021-24032 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Important SUSE bug 1183852 CVE-2021-3449 at SUSE CVE-2021-3449 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) Low SUSE bug 1181131 CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105) Moderate SUSE bug 1125671 SUSE bug 1140565 SUSE bug 1154393 SUSE bug 1174514 SUSE bug 1175289 SUSE bug 1176784 SUSE bug 1176785 SUSE bug 1178168 CVE-2020-14343 at SUSE CVE-2020-14343 at NVD CVE-2020-25659 at SUSE CVE-2020-25659 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Moderate SUSE bug 1195258 CVE-2021-22570 at SUSE CVE-2021-22570 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417) - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417) - CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417) - CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417) Important SUSE bug 1197417 CVE-2022-22934 at SUSE CVE-2022-22934 at NVD CVE-2022-22935 at SUSE CVE-2022-22935 at NVD CVE-2022-22936 at SUSE CVE-2022-22936 at NVD CVE-2022-22941 at SUSE CVE-2022-22941 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 at SUSE CVE-2018-25032 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Moderate SUSE bug 1121227 SUSE bug 1121230 SUSE bug 1122004 SUSE bug 1122021 CVE-2018-20573 at SUSE CVE-2018-20573 at NVD CVE-2018-20574 at SUSE CVE-2018-20574 at NVD CVE-2019-6285 at SUSE CVE-2019-6285 at NVD CVE-2019-6292 at SUSE CVE-2019-6292 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for virglrenderer fixes the following issues: - CVE-2022-0175: Fixed missing initialization of res->ptr (bsc#1194601). Important SUSE bug 1194601 CVE-2022-0175 at SUSE CVE-2022-0175 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 at SUSE CVE-2022-1097 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Important SUSE bug 1184501 SUSE bug 1194848 SUSE bug 1195999 SUSE bug 1196061 SUSE bug 1196317 SUSE bug 1196368 SUSE bug 1196514 SUSE bug 1196925 SUSE bug 1197134 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - net: tipc: validate domain record count on input (bsc#1195254). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1179639 SUSE bug 1189562 SUSE bug 1193731 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195254 SUSE bug 1195353 SUSE bug 1195403 SUSE bug 1195939 SUSE bug 1196018 SUSE bug 1196196 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196761 SUSE bug 1196823 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196956 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197702 SUSE bug 1197914 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-0920 at SUSE CVE-2021-0920 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-23036 at SUSE CVE-2022-23036 at NVD CVE-2022-23037 at SUSE CVE-2022-23037 at NVD CVE-2022-23038 at SUSE CVE-2022-23038 at NVD CVE-2022-23039 at SUSE CVE-2022-23039 at NVD CVE-2022-23040 at SUSE CVE-2022-23040 at NVD CVE-2022-23041 at SUSE CVE-2022-23041 at NVD CVE-2022-23042 at SUSE CVE-2022-23042 at NVD CVE-2022-26490 at SUSE CVE-2022-26490 at NVD CVE-2022-26966 at SUSE CVE-2022-26966 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation (bnc#1197702). - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018). - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). The following non-security bugs were fixed: - cifs: use the correct max-length for dentry_path_raw() (bsc#1196196). - gve: multiple bugfixes (jsc#SLE-23652). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). Important SUSE bug 1179639 SUSE bug 1189126 SUSE bug 1189562 SUSE bug 1193731 SUSE bug 1194516 SUSE bug 1194943 SUSE bug 1195051 SUSE bug 1195254 SUSE bug 1195286 SUSE bug 1195353 SUSE bug 1195403 SUSE bug 1195516 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195897 SUSE bug 1195905 SUSE bug 1195939 SUSE bug 1195987 SUSE bug 1196018 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196155 SUSE bug 1196196 SUSE bug 1196235 SUSE bug 1196468 SUSE bug 1196488 SUSE bug 1196612 SUSE bug 1196761 SUSE bug 1196776 SUSE bug 1196823 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1196956 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 SUSE bug 1197389 SUSE bug 1197462 SUSE bug 1197702 SUSE bug 1198031 SUSE bug 1198032 SUSE bug 1198033 CVE-2021-0920 at SUSE CVE-2021-0920 at NVD CVE-2021-39698 at SUSE CVE-2021-39698 at NVD CVE-2021-44879 at SUSE CVE-2021-44879 at NVD CVE-2021-45868 at SUSE CVE-2021-45868 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-0492 at SUSE CVE-2022-0492 at NVD CVE-2022-0516 at SUSE CVE-2022-0516 at NVD CVE-2022-0617 at SUSE CVE-2022-0617 at NVD CVE-2022-0644 at SUSE CVE-2022-0644 at NVD CVE-2022-0850 at SUSE CVE-2022-0850 at NVD CVE-2022-0854 at SUSE CVE-2022-0854 at NVD CVE-2022-1016 at SUSE CVE-2022-1016 at NVD CVE-2022-1048 at SUSE CVE-2022-1048 at NVD CVE-2022-1055 at SUSE CVE-2022-1055 at NVD CVE-2022-23036 at SUSE CVE-2022-23036 at NVD CVE-2022-23037 at SUSE CVE-2022-23037 at NVD CVE-2022-23038 at SUSE CVE-2022-23038 at NVD CVE-2022-23039 at SUSE CVE-2022-23039 at NVD CVE-2022-23040 at SUSE CVE-2022-23040 at NVD CVE-2022-23041 at SUSE CVE-2022-23041 at NVD CVE-2022-23042 at SUSE CVE-2022-23042 at NVD CVE-2022-24448 at SUSE CVE-2022-24448 at NVD CVE-2022-24958 at SUSE CVE-2022-24958 at NVD CVE-2022-24959 at SUSE CVE-2022-24959 at NVD CVE-2022-25258 at SUSE CVE-2022-25258 at NVD CVE-2022-25375 at SUSE CVE-2022-25375 at NVD CVE-2022-26490 at SUSE CVE-2022-26490 at NVD CVE-2022-26966 at SUSE CVE-2022-26966 at NVD CVE-2022-27666 at SUSE CVE-2022-27666 at NVD CVE-2022-28388 at SUSE CVE-2022-28388 at NVD CVE-2022-28389 at SUSE CVE-2022-28389 at NVD CVE-2022-28390 at SUSE CVE-2022-28390 at NVD CVE-2022-28748 at SUSE CVE-2022-28748 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Important SUSE bug 1194267 SUSE bug 1196915 SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2021-26401 at SUSE CVE-2021-26401 at NVD CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD CVE-2022-26356 at SUSE CVE-2022-26356 at NVD CVE-2022-26357 at SUSE CVE-2022-26357 at NVD CVE-2022-26358 at SUSE CVE-2022-26358 at NVD CVE-2022-26359 at SUSE CVE-2022-26359 at NVD CVE-2022-26360 at SUSE CVE-2022-26360 at NVD CVE-2022-26361 at SUSE CVE-2022-26361 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1197872 CVE-2022-0934 at SUSE CVE-2022-0934 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks (bsc#1182851, bsc#1196432) - Restrict 'state.orchestrate_single' to pass a pillar value if it exists (bsc#1194632) Important SUSE bug 1182851 SUSE bug 1194632 SUSE bug 1196050 SUSE bug 1196432 SUSE bug 1197417 SUSE bug 1197533 SUSE bug 1197637 CVE-2022-22934 at SUSE CVE-2022-22934 at NVD CVE-2022-22935 at SUSE CVE-2022-22935 at NVD CVE-2022-22936 at SUSE CVE-2022-22936 at NVD CVE-2022-22941 at SUSE CVE-2022-22941 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). Moderate SUSE bug 1169614 cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Low SUSE bug 1183533 CVE-2021-28153 at SUSE CVE-2021-28153 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Important SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 SUSE bug 1193035 SUSE bug 1198441 CVE-2021-31799 at SUSE CVE-2021-31799 at NVD CVE-2021-31810 at SUSE CVE-2021-31810 at NVD CVE-2021-32066 at SUSE CVE-2021-32066 at NVD CVE-2021-41817 at SUSE CVE-2021-41817 at NVD CVE-2022-28739 at SUSE CVE-2022-28739 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. Moderate SUSE bug 1029961 SUSE bug 1120610 SUSE bug 1130496 SUSE bug 1181131 CVE-2018-20482 at SUSE CVE-2018-20482 at NVD CVE-2019-9923 at SUSE CVE-2019-9923 at NVD CVE-2021-20193 at SUSE CVE-2021-20193 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) Important SUSE bug 1198062 SUSE bug 1198922 CVE-2022-1271 at SUSE CVE-2022-1271 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 at SUSE CVE-2022-1304 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd, docker fixes the following issues: - CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517). - CVE-2022-23648: Fixed directory traversal issue (bsc#1196441). - CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284). - CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930). Important SUSE bug 1193930 SUSE bug 1196441 SUSE bug 1197284 SUSE bug 1197517 CVE-2021-43565 at SUSE CVE-2021-43565 at NVD CVE-2022-23648 at SUSE CVE-2022-23648 at NVD CVE-2022-24769 at SUSE CVE-2022-24769 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 at SUSE CVE-2021-45960 at NVD CVE-2021-46143 at SUSE CVE-2021-46143 at NVD CVE-2022-22822 at SUSE CVE-2022-22822 at NVD CVE-2022-22823 at SUSE CVE-2022-22823 at NVD CVE-2022-22824 at SUSE CVE-2022-22824 at NVD CVE-2022-22825 at SUSE CVE-2022-22825 at NVD CVE-2022-22826 at SUSE CVE-2022-22826 at NVD CVE-2022-22827 at SUSE CVE-2022-22827 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE MicroOS 5.0 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticate user to cause a denial of service (bnc#1192877). - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) The following non-security bugs were fixed: - acpi: battery: Accept charges over the design capacity as full (git-fixes). - acpi: pmic: Fix intel_pmic_regs_handler() read accesses (git-fixes). - acpica: Avoid evaluating methods too early during system resume (git-fixes). - alsa: ISA: not for M68K (git-fixes). - alsa: ctxfi: Fix out-of-range access (git-fixes). - alsa: gus: fix null pointer dereference on pointer block (git-fixes). - alsa: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - alsa: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - alsa: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - alsa: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - alsa: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - alsa: timer: Fix use-after-free problem (git-fixes). - alsa: timer: Unconditionally unlink slave instances, too (git-fixes). - alsa: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - arm: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - arm: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - arm: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - arm: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - arm: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - arm: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - arm: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - arm: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - arm: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - arm: 9134/1: remove duplicate memcpy() definition (git-fixes) - arm: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - arm: 9141/1: only warn about XIP address when not compile testing (git-fixes) - arm: 9155/1: fix early early_iounmap() (git-fixes) - arm: OMAP2+: Fix legacy mode dss_reset (git-fixes) - arm: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - arm: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - arm: at91: pm: of_node_put() after its usage (git-fixes) - arm: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - arm: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - arm: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - arm: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - arm: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - arm: dts: Configure missing thermal interrupt for 4430 (git-fixes) - arm: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - arm: dts: Fix duovero smsc interrupt for suspend (git-fixes) - arm: dts: NSP: Correct FA2 mailbox node (git-fixes) - arm: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - arm: dts: NSP: Fixed QSPI compatible string (git-fixes) - arm: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - arm: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - arm: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - arm: dts: am437x-l4: fix typo in can@0 node (git-fixes) - arm: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - arm: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - arm: dts: aspeed: tiogapass: Remove vuart (git-fixes) - arm: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - arm: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - arm: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - arm: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - arm: dts: at91: sama5d2: map securam as device (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - arm: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - arm: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - arm: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: tse850: the emac&lt;->phy interface is rmii (git-fixes) - arm: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - arm: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - arm: dts: dra76x: m_can: fix order of clocks (git-fixes) - arm: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - arm: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - arm: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - arm: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - arm: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - arm: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - arm: dts: gose: Fix ports node name for adv7180 (git-fixes) - arm: dts: gose: Fix ports node name for adv7612 (git-fixes) - arm: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - arm: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - arm: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - arm: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - arm: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - arm: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - arm: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - arm: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - arm: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - arm: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - arm: dts: imx6sl: fix rng node (git-fixes) - arm: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - arm: dts: imx6sx: Improve UART pins macro defines (git-fixes) - arm: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - arm: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7ulp: Correct gpio ranges (git-fixes) - arm: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - arm: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - arm: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - arm: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - arm: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - arm: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - arm: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - arm: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - arm: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson: fix PHY deassert timing requirements (git-fixes) - arm: dts: mt7623: add missing pause for switchport (git-fixes) - arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - arm: dts: omap3430-sdp: Fix NAND device node (git-fixes) - arm: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - arm: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - arm: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - arm: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - arm: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - arm: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - arm: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - arm: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - arm: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - arm: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - arm: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - arm: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - arm: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - arm: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - arm: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - arm: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: turris-omnia: add SFP node (git-fixes) - arm: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - arm: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - arm: dts: turris-omnia: describe switch interrupt (git-fixes) - arm: dts: turris-omnia: enable HW buffer management (git-fixes) - arm: dts: turris-omnia: fix hardware buffer management (git-fixes) - arm: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - arm: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - arm: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - arm: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - arm: exynos: add missing of_node_put for loop iteration (git-fixes) - arm: footbridge: fix PCI interrupt mapping (git-fixes) - arm: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - arm: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - arm: imx: add missing clk_disable_unprepare() (git-fixes) - arm: imx: add missing iounmap() (git-fixes) - arm: imx: build suspend-imx6.S with arm instruction set (git-fixes) - arm: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - arm: mvebu: drop pointless check for coherency_base (git-fixes) - arm: p2v: fix handling of LPAE translation in BE mode (git-fixes) - arm: s3c24xx: fix missing system reset (git-fixes) - arm: s3c24xx: fix mmc gpio lookup tables (git-fixes) - arm: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - arm: samsung: do not build plat/pm-common for Exynos (git-fixes) - arm: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - arm: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - asoc: DAPM: Cover regression by kctl change notification fix (git-fixes). - asoc: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - asoc: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - asoc: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - asoc: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs: Add SMB 2 support for getting and setting SACLs (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: Handle witness client move notification (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: New optype for session operations (bsc#1181507). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: Remove the superfluous break (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: Remove useless variable (bsc#1192606). - cifs: Replace HTTP links with HTTPS ones (bsc#1192606). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: Set cifs_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: Standardize logging output (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of cifs_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs: cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle ERRBaduid for SMB1 (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - edac/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - fs: cifs: Assign boolean values to a bool variable (bsc#1192606). - fs: cifs: Fix atime update check vs mtime (bsc#1164565). - fs: cifs: Fix resource leak (bsc#1192606). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565). - fs: cifs: Remove repeated struct declaration (bsc#1192606). - fs: cifs: Remove unnecessary struct declaration (bsc#1192606). - fs: cifs: Simplify bool comparison (bsc#1192606). - fs: cifs: cifssmb.c: use true,false for bool variable (bsc#1164565). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - fs: cifs: fix gcc warning in sid_to_id (bsc#1192606). - fs: cifs: fix misspellings using codespell tool (bsc#1192606). - fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - fs: cifs: sess.c: Remove set but not used variable 'capabilities' (bsc#1164565). - fs: cifs: smb2ops.c: use true,false for bool variable (bsc#1164565). - fs: cifs: smb2pdu.c: Make SMB2_notify_init static (bsc#1164565). - fuse: release pipe buf after last use (bsc#1193318). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - input: iforce - fix control-message timeout (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise. - kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - mm: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: Update error handler for UCTX and UMEM (git-fixes). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - nfc: add NCI_UNREG flag to eliminate the race (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - nfc: reorder the logic in nfc_{un,}register_device (git-fixes). - nfc: reorganize the functions in nci_request (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfs: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - nfs: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nfs: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - nfs: Fix up commit deadlocks (git-fixes). - nfs: do not take i_rwsem for swap IO (bsc#1191876). - nfs: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - pci/msi: Deal with devices lying about their MSI mask capability (git-fixes). - pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - pci: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - pm: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - pm: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - qede: validate non LSO skb length (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - s390: mm: Fix secure storage access exception handling (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: Fix regression in time handling (bsc#1164565). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - sunrpc/auth: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - sunrpc: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - swiotlb: Fix the type of index (git-fixes). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - update structure definitions from updated protocol documentation (bsc#1192606). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1176242 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179960 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192990 SUSE bug 1193042 SUSE bug 1193169 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 CVE-2021-28711 at SUSE CVE-2021-28711 at NVD CVE-2021-28712 at SUSE CVE-2021-28712 at NVD CVE-2021-28713 at SUSE CVE-2021-28713 at NVD CVE-2021-28714 at SUSE CVE-2021-28714 at NVD CVE-2021-28715 at SUSE CVE-2021-28715 at NVD CVE-2021-33098 at SUSE CVE-2021-33098 at NVD CVE-2021-4001 at SUSE CVE-2021-4001 at NVD CVE-2021-4002 at SUSE CVE-2021-4002 at NVD CVE-2021-43975 at SUSE CVE-2021-43975 at NVD CVE-2021-43976 at SUSE CVE-2021-43976 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) Important SUSE bug 1171479 CVE-2020-12762 at SUSE CVE-2020-12762 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 at SUSE CVE-2021-4034 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529) - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727). - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001). - CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c had an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094). - CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c had an information leak because the hash table is very small (bnc#1194087). - CVE-2021-4001: A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. (bnc#1192990). - CVE-2021-28715: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. () - CVE-2021-28714: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing (bnc#1193442). - CVE-2021-28713: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440) - CVE-2021-28712: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440) - CVE-2021-28711: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time (bnc#1193440). - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960). - CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845). - CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877). - CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847). - CVE-2021-4002: Incorrect TLBs flushing after huge_pmd_unshare could lead to exposing hugepages to other users (bsc#1192946). - CVE-2020-27820: A use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (bnc#1179599). The following non-security bugs were fixed: - smb3: print warning once if posix context returned on open (bsc#1164565). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). - ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). - ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: tse850: the emac&lt;->phy interface is rmii (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - Add SMB 2 support for getting and setting SACLs (bsc#1192606). - Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4 - Blacklist SCSI commit that breaks kABI (git-fixes) - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - CIFS: Clarify SMB1 code for POSIX Create (bsc#1192606). - CIFS: Clarify SMB1 code for POSIX Lock (bsc#1192606). - CIFS: Clarify SMB1 code for POSIX delete file (bsc#1192606). - CIFS: Clarify SMB1 code for SetFileSize (bsc#1192606). - CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - CIFS: Clarify SMB1 code for delete (bsc#1192606). - CIFS: Clarify SMB1 code for rename open file (bsc#1192606). - CIFS: Close cached root handle only if it had a lease (bsc#1164565). - CIFS: Close open handle after interrupted close (bsc#1164565). - CIFS: Do not miss cancelled OPEN responses (bsc#1164565). - CIFS: Fix NULL pointer dereference in mid callback (bsc#1164565). - CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - CIFS: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - CIFS: Fix bug which the return value by asynchronous read is error (bsc#1192606). - CIFS: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - CIFS: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - CIFS: Fix task struct use-after-free on reconnect (bsc#1164565). - CIFS: Fix use after free of file info structures (bnc#1151927 5.3.8). - CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - CIFS: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - CIFS: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - CIFS: Properly process SMB3 lease breaks (bsc#1164565). - CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - CIFS: Spelling s/EACCESS/EACCES/ (bsc#1192606). - CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - CIFS: Warn less noisily on default mount (bsc#1192606). - CIFS: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - CIFS: check new file size when extending file by fallocate (bsc#1192606). - CIFS: fiemap: do not return EINVAL if get nothing (bsc#1192606). - CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - CIFS: fix max ea value size (bnc#1151927 5.3.4). - CIFS: refactor cifs_get_inode_info() (bsc#1164565). - CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - Convert trailing spaces and periods in path components (bsc#1179424). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - Handle STATUS_IO_TIMEOUT gracefully (bsc#1192606). - Input: iforce - fix control-message timeout (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - Mark commit as not needed (git-fixes) - Move upstreamed i8042 patch into sorted section - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - Pass consistent param->type to fs_parse() (bsc#1192606). - Replace HTTP links with HTTPS ones: CIFS (bsc#1192606). - Revert 'ARM: sti: Implement dummy L2 cache's write_sec' (git-fixes) - Revert 'arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to (git-fixes) - Revert 'cifs: Fix the target file was deleted when rename failed.' (bsc#1192606). - SMB3.1.1: Add support for negotiating signing algorithm (bsc#1192606). - SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1192606). - SMB3.1.1: add defines for new signing negotiate context (bsc#1192606). - SMB3.1.1: do not log warning message if server does not populate salt (bsc#1192606). - SMB3.1.1: fix mount failure to some servers when compression enabled (bsc#1192606). - SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - SMB3.1.1: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - SMB311: Add support for query info using posix extensions (level 100) (bsc#1192606). - SMB3: Add new compression flags (bsc#1192606). - SMB3: Add new info level for query directory (bsc#1192606). - SMB3: Add support for getting and setting SACLs (bsc#1192606). - SMB3: Additional compression structures (bsc#1192606). - SMB3: Backup intent flag missing from some more ops (bsc#1164565). - SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - SMB3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Minor cleanup of protocol definitions (bsc#1192606). - SMB3: Resolve data corruption of TCP server info fields (bsc#1192606). - SMB3: add support for recognizing WSL reparse tags (bsc#1192606). - SMB3: avoid confusing warning message on mount to Azure (bsc#1192606). - SMB3: fix readpage for large swap cache (bsc#1192606). - SMB3: incorrect file id in requests compounded with open (bsc#1192606). - SMB3: update structures for new compression protocol definitions (bsc#1192606). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - USB: serial: option: add Fibocom FM101-GL variants (git-fixes). - USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - Update configs to add CONFIG_SMBFS_COMMON=m. - Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158) - arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - arm: dts: mt7623: add missing pause for switchport (git-fixes) - arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Handle witness client move notification (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: New optype for session operations (bsc#1181507). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: Remove the superfluous break (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: Remove useless variable (bsc#1192606). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: Standardize logging output (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle 'guest' mount parameter (bsc#1192606). - cifs: handle 'nolease' option for vers=1.0 (bsc#1192606). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs`: handle ERRBaduid for SMB1 (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ext4: Avoid trim error on fs with small groups (bsc#1191271). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - fix memory leak in large read decrypt offload (bsc#1164565). - fs/cifs/: fix misspellings using codespell tool (bsc#1192606). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1164565). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1164565). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1164565). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1164565). - fs/cifs: Assign boolean values to a bool variable (bsc#1192606). - fs/cifs: Fix resource leak (bsc#1192606). - fs/cifs: Simplify bool comparison (bsc#1192606). - fs/cifs: fix gcc warning in sid_to_id (bsc#1192606). - fs: cifs: Fix atime update check vs mtime (bsc#1164565). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565). - fs: cifs: Remove repeated struct declaration (bsc#1192606). - fs: cifs: Remove unnecessary struct declaration (bsc#1192606). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: Delete always true check of PF pointer (git-fixes). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kernel-source.spec: install-kernel-tools also required on 15.4 - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes). - media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - moxart: fix potential use-after-free on remove path (bsc#1194516). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: Update error handler for UCTX and UMEM (git-fixes). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) - rpm/kernel-obs-build.spec.in: move to zstd for the initrd - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - s390: mm: Fix secure storage access exception handling (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - series.conf: whitespace and comment cleanup No effect on expanded tree. - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3.1.1: add new module load parm enable_gcm_256 (bsc#1192606). - smb3.1.1: add new module load parm require_gcm_256 (bsc#1192606). - smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3.1.1: allow dumping keys for multiuser mounts (bsc#1192606). - smb3.1.1: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3.1.1: enable negotiating stronger encryption by default (bsc#1192606). - smb3.1.1: fix typo in compression flag (bsc#1192606). - smb3.1.1: print warning if server does not support requested encryption type (bsc#1192606). - smb3.1.1: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3.1.1: set gcm256 when requested (bsc#1192606). - smb311: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb311: Add support for lookup with posix extensions query info (bsc#1192606). - smb311: Add tracepoints for new compound posix query info (bsc#1192606). - smb311: add support for using info level for posix extensions query (bsc#1192606). - smb311: remove dead code for non compounded posix query info (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: Add new parm 'nodelete' (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: Fix regression in time handling (bsc#1164565). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - swiotlb-xen: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - tlb: mmu_gather: add tlb_flush_*_range APIs - tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - update structure definitions from updated protocol documentation (bsc#1192606). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - vfs: do not parse forbidden flags (bsc#1192606). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Important SUSE bug 1071995 SUSE bug 1139944 SUSE bug 1151927 SUSE bug 1152489 SUSE bug 1153275 SUSE bug 1154353 SUSE bug 1154355 SUSE bug 1161907 SUSE bug 1164565 SUSE bug 1166780 SUSE bug 1169514 SUSE bug 1176242 SUSE bug 1176536 SUSE bug 1176544 SUSE bug 1176545 SUSE bug 1176546 SUSE bug 1176548 SUSE bug 1176558 SUSE bug 1176559 SUSE bug 1176940 SUSE bug 1176956 SUSE bug 1177440 SUSE bug 1178270 SUSE bug 1179211 SUSE bug 1179424 SUSE bug 1179426 SUSE bug 1179427 SUSE bug 1179599 SUSE bug 1179960 SUSE bug 1181148 SUSE bug 1181507 SUSE bug 1181710 SUSE bug 1183534 SUSE bug 1183540 SUSE bug 1183897 SUSE bug 1184209 SUSE bug 1185726 SUSE bug 1185902 SUSE bug 1187541 SUSE bug 1189126 SUSE bug 1189158 SUSE bug 1191271 SUSE bug 1191793 SUSE bug 1191876 SUSE bug 1192267 SUSE bug 1192507 SUSE bug 1192511 SUSE bug 1192569 SUSE bug 1192606 SUSE bug 1192845 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1192969 SUSE bug 1192987 SUSE bug 1192990 SUSE bug 1192998 SUSE bug 1193002 SUSE bug 1193042 SUSE bug 1193169 SUSE bug 1193255 SUSE bug 1193306 SUSE bug 1193318 SUSE bug 1193349 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193660 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193767 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194529 SUSE bug 1194888 SUSE bug 1194985 CVE-2020-27820 at SUSE CVE-2020-27820 at NVD CVE-2020-27825 at SUSE CVE-2020-27825 at NVD CVE-2021-28711 at SUSE CVE-2021-28711 at NVD CVE-2021-28712 at SUSE CVE-2021-28712 at NVD CVE-2021-28713 at SUSE CVE-2021-28713 at NVD CVE-2021-28714 at SUSE CVE-2021-28714 at NVD CVE-2021-28715 at SUSE CVE-2021-28715 at NVD CVE-2021-33098 at SUSE CVE-2021-33098 at NVD CVE-2021-4001 at SUSE CVE-2021-4001 at NVD CVE-2021-4002 at SUSE CVE-2021-4002 at NVD CVE-2021-4083 at SUSE CVE-2021-4083 at NVD CVE-2021-4135 at SUSE CVE-2021-4135 at NVD CVE-2021-4149 at SUSE CVE-2021-4149 at NVD CVE-2021-4197 at SUSE CVE-2021-4197 at NVD CVE-2021-4202 at SUSE CVE-2021-4202 at NVD CVE-2021-43975 at SUSE CVE-2021-43975 at NVD CVE-2021-43976 at SUSE CVE-2021-43976 at NVD CVE-2021-44733 at SUSE CVE-2021-44733 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD CVE-2022-0185 at SUSE CVE-2022-0185 at NVD CVE-2022-0322 at SUSE CVE-2022-0322 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for qemu fixes the following issues: - CVE-2020-13253: Fixed an OOB access that could crash the guest resulting in DoS (bsc#1172033) - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Low SUSE bug 1172033 SUSE bug 1181361 CVE-2020-13253 at SUSE CVE-2020-13253 at NVD CVE-2021-20196 at SUSE CVE-2021-20196 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727). - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927). - CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001). - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302). - CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses (bsc#1194094). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985). The following non-security bugs were fixed: - ext4: Avoid trim error on fs with small groups (bsc#1191271). - fget: clarify and improve __fget_files() implementation (bsc#1193727). - kabi/severities: Add a kabi exception for drivers/tee/tee - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255). - moxart: fix potential use-after-free on remove path (bsc#1194516). - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901). - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901). - tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209, bsc#1193660). - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). Important SUSE bug 1071995 SUSE bug 1184209 SUSE bug 1191271 SUSE bug 1193255 SUSE bug 1193660 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193767 SUSE bug 1193901 SUSE bug 1193927 SUSE bug 1194001 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194517 SUSE bug 1194529 SUSE bug 1194888 SUSE bug 1194985 CVE-2021-4083 at SUSE CVE-2021-4083 at NVD CVE-2021-4135 at SUSE CVE-2021-4135 at NVD CVE-2021-4149 at SUSE CVE-2021-4149 at NVD CVE-2021-4197 at SUSE CVE-2021-4197 at NVD CVE-2021-4202 at SUSE CVE-2021-4202 at NVD CVE-2021-44733 at SUSE CVE-2021-44733 at NVD CVE-2021-45485 at SUSE CVE-2021-45485 at NVD CVE-2021-45486 at SUSE CVE-2021-45486 at NVD CVE-2022-0185 at SUSE CVE-2022-0185 at NVD CVE-2022-0322 at SUSE CVE-2022-0322 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). Moderate SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191434 SUSE bug 1193273 CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Critical SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1188605 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195065 SUSE bug 1195184 SUSE bug 1195254 CVE-2021-22600 at SUSE CVE-2021-22600 at NVD CVE-2021-39648 at SUSE CVE-2021-39648 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-45095 at SUSE CVE-2021-45095 at NVD CVE-2022-0330 at SUSE CVE-2022-0330 at NVD CVE-2022-0435 at SUSE CVE-2022-0435 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Important SUSE bug 1183411 SUSE bug 1191668 SUSE bug 1192017 SUSE bug 1192876 SUSE bug 1193981 SUSE bug 1194041 CVE-2021-3975 at SUSE CVE-2021-3975 at NVD CVE-2021-4147 at SUSE CVE-2021-4147 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194576 SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23033 at SUSE CVE-2022-23033 at NVD CVE-2022-23034 at SUSE CVE-2022-23034 at NVD CVE-2022-23035 at SUSE CVE-2022-23035 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 at SUSE CVE-2022-0135 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 at SUSE CVE-2022-23852 at NVD CVE-2022-23990 at SUSE CVE-2022-23990 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542). Moderate SUSE bug 1195542 CVE-2021-4115 at SUSE CVE-2021-4115 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065). - CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227). - btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009). - btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009). - btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405). - net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405). - net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405). - net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405). - net_sched: avoid resetting active qdisc for multiple times (bsc#1183405). - net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405). - net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405). - nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Critical SUSE bug 1177599 SUSE bug 1183405 SUSE bug 1185377 SUSE bug 1187428 SUSE bug 1188605 SUSE bug 1193096 SUSE bug 1193506 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194048 SUSE bug 1194227 SUSE bug 1194880 SUSE bug 1195009 SUSE bug 1195065 SUSE bug 1195184 SUSE bug 1195254 CVE-2021-22600 at SUSE CVE-2021-22600 at NVD CVE-2021-39648 at SUSE CVE-2021-39648 at NVD CVE-2021-39657 at SUSE CVE-2021-39657 at NVD CVE-2021-45095 at SUSE CVE-2021-45095 at NVD CVE-2022-0330 at SUSE CVE-2022-0330 at NVD CVE-2022-22942 at SUSE CVE-2022-22942 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 at SUSE CVE-2021-0127 at NVD CVE-2021-0145 at SUSE CVE-2021-0145 at NVD CVE-2021-0146 at SUSE CVE-2021-0146 at NVD CVE-2021-33120 at SUSE CVE-2021-33120 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040). Low SUSE bug 1113040 CVE-2018-18586 at SUSE CVE-2018-18586 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 at SUSE CVE-2022-24407 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 at SUSE CVE-2022-25235 at NVD CVE-2022-25236 at SUSE CVE-2022-25236 at NVD CVE-2022-25313 at SUSE CVE-2022-25313 at NVD CVE-2022-25314 at SUSE CVE-2022-25314 at NVD CVE-2022-25315 at SUSE CVE-2022-25315 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Important SUSE bug 1194732 SUSE bug 1194733 CVE-2022-23303 at SUSE CVE-2022-23303 at NVD CVE-2022-23304 at SUSE CVE-2022-23304 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Moderate SUSE bug 1196167 CVE-2021-4209 at SUSE CVE-2021-4209 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Moderate SUSE bug 1196441 CVE-2022-23648 at SUSE CVE-2022-23648 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for kernel-firmware fixes the following issues: - Update Intel Wireless firmware for 9xxx (CVE-2021-0161, CVE-2021-0164,CVE-2021-0165,CVE-2021-0066,CVE-2021-0166, CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173, CVE-2021-0174,CVE-2021-0175,CVE-2021-0076,CVE-2021-0176, CVE-2021-0183,CVE-2021-0072,INTEL-SA-00539,bsc#1196333): iwlwifi-9000-pu-b0-jf-b0-46.ucode iwlwifi-9000-pu-b0-jf-b0-46.ucode - Update Intel Bluetooth firmware (CVE-2021-33139,CVE-2021-33155, INTEL-SA-00604,bsc#1195786) Important SUSE bug 1195786 SUSE bug 1196333 CVE-2021-0066 at SUSE CVE-2021-0066 at NVD CVE-2021-0072 at SUSE CVE-2021-0072 at NVD CVE-2021-0076 at SUSE CVE-2021-0076 at NVD CVE-2021-0161 at SUSE CVE-2021-0161 at NVD CVE-2021-0164 at SUSE CVE-2021-0164 at NVD CVE-2021-0165 at SUSE CVE-2021-0165 at NVD CVE-2021-0166 at SUSE CVE-2021-0166 at NVD CVE-2021-0168 at SUSE CVE-2021-0168 at NVD CVE-2021-0170 at SUSE CVE-2021-0170 at NVD CVE-2021-0172 at SUSE CVE-2021-0172 at NVD CVE-2021-0173 at SUSE CVE-2021-0173 at NVD CVE-2021-0174 at SUSE CVE-2021-0174 at NVD CVE-2021-0175 at SUSE CVE-2021-0175 at NVD CVE-2021-0176 at SUSE CVE-2021-0176 at NVD CVE-2021-0183 at SUSE CVE-2021-0183 at NVD CVE-2021-33139 at SUSE CVE-2021-33139 at NVD CVE-2021-33155 at SUSE CVE-2021-33155 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Important SUSE bug 1190533 SUSE bug 1190570 SUSE bug 1191893 SUSE bug 1192478 SUSE bug 1192481 SUSE bug 1193294 SUSE bug 1193298 SUSE bug 1194216 SUSE bug 1194556 SUSE bug 1195004 SUSE bug 1195066 SUSE bug 1195126 SUSE bug 1195202 SUSE bug 1195356 CVE-2021-3778 at SUSE CVE-2021-3778 at NVD CVE-2021-3796 at SUSE CVE-2021-3796 at NVD CVE-2021-3872 at SUSE CVE-2021-3872 at NVD CVE-2021-3927 at SUSE CVE-2021-3927 at NVD CVE-2021-3928 at SUSE CVE-2021-3928 at NVD CVE-2021-3984 at SUSE CVE-2021-3984 at NVD CVE-2021-4019 at SUSE CVE-2021-4019 at NVD CVE-2021-4193 at SUSE CVE-2021-4193 at NVD CVE-2021-46059 at SUSE CVE-2021-46059 at NVD CVE-2022-0318 at SUSE CVE-2022-0318 at NVD CVE-2022-0319 at SUSE CVE-2022-0319 at NVD CVE-2022-0351 at SUSE CVE-2022-0351 at NVD CVE-2022-0361 at SUSE CVE-2022-0361 at NVD CVE-2022-0413 at SUSE CVE-2022-0413 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - gve: Add RX context (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). - gve: Correct order of processing device options (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - net: tipc: validate domain record count on input (bsc#1195254). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow lock state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). Important SUSE bug 1189126 SUSE bug 1191580 SUSE bug 1192483 SUSE bug 1194516 SUSE bug 1195254 SUSE bug 1195286 SUSE bug 1195516 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195701 SUSE bug 1195897 SUSE bug 1195905 SUSE bug 1195908 SUSE bug 1195947 SUSE bug 1195949 SUSE bug 1195987 SUSE bug 1195995 SUSE bug 1196079 SUSE bug 1196095 SUSE bug 1196132 SUSE bug 1196155 SUSE bug 1196235 SUSE bug 1196584 SUSE bug 1196601 SUSE bug 1196612 SUSE bug 1196776 CVE-2021-44879 at SUSE CVE-2021-44879 at NVD CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD CVE-2022-0487 at SUSE CVE-2022-0487 at NVD CVE-2022-0492 at SUSE CVE-2022-0492 at NVD CVE-2022-0516 at SUSE CVE-2022-0516 at NVD CVE-2022-0617 at SUSE CVE-2022-0617 at NVD CVE-2022-0644 at SUSE CVE-2022-0644 at NVD CVE-2022-0847 at SUSE CVE-2022-0847 at NVD CVE-2022-24448 at SUSE CVE-2022-24448 at NVD CVE-2022-24958 at SUSE CVE-2022-24958 at NVD CVE-2022-24959 at SUSE CVE-2022-24959 at NVD CVE-2022-25258 at SUSE CVE-2022-25258 at NVD CVE-2022-25375 at SUSE CVE-2022-25375 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584). The following non-security bugs were fixed: - btrfs: check for missing device in btrfs_trim_fs (bsc#1195701). - lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584). - nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483). - nfsd: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483). - nfsd: prepare for supporting admin-revocation of state (bsc#1192483). - powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394). Important SUSE bug 1191580 SUSE bug 1192483 SUSE bug 1195701 SUSE bug 1195995 SUSE bug 1196584 CVE-2022-0001 at SUSE CVE-2022-0001 at NVD CVE-2022-0002 at SUSE CVE-2022-0002 at NVD CVE-2022-0847 at SUSE CVE-2022-0847 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 at SUSE CVE-2021-41617 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) Important SUSE bug 1193625 SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 SUSE bug 1195560 CVE-2015-8985 at SUSE CVE-2015-8985 at NVD CVE-2021-3999 at SUSE CVE-2021-3999 at NVD CVE-2022-23218 at SUSE CVE-2022-23218 at NVD CVE-2022-23219 at SUSE CVE-2022-23219 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 at SUSE CVE-2022-25236 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Moderate SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1162964 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1187906 SUSE bug 1190926 SUSE bug 1194229 CVE-2020-14367 at SUSE CVE-2020-14367 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for openssl-1_1 fixes the following issues: openssl-1_1: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Important SUSE bug 1182959 SUSE bug 1195149 SUSE bug 1195792 SUSE bug 1195856 SUSE bug 1196877 CVE-2022-0778 at SUSE CVE-2022-0778 at NVD cpe:/o:suse:suse-microos:5.0 SUSE Linux Enterprise Micro 5.0 This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). Moderate SUSE bug 1179467 CVE-2020-29130 at SUSE CVE-2020-29130 at NVD cpe:/o:suse:suse-microos:5.0