openSUSE-Leap-Micro-5.5-2024-1867
Security update for fwupdate
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of fwupdate fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
- Update the email address of security team in SBAT (bsc#1221301)
- elf_aarch64_efi.lds: set the memory permission explicitly to
avoid ld warning like "LOAD segment with RWX permissions"
fwupdate-12-150100.11.15.2.src.rpm
fwupdate-12-150100.11.15.2.x86_64.rpm
fwupdate-efi-12-150100.11.15.2.x86_64.rpm
libfwup1-12-150100.11.15.2.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-2811
Recommended update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues:
This update provides a feature update to the FIDO2 stack.
Changes in libfido2:
- Version 1.13.0 (2023-02-20)
* New API calls:
+ fido_assert_empty_allow_list;
+ fido_cred_empty_exclude_list.
* fido2-token: fix issue when listing large blobs.
- Version 1.12.0 (2022-09-22)
* Support for COSE_ES384.
* Improved support for FIDO 2.1 authenticators.
* New API calls:
+ es384_pk_free;
+ es384_pk_from_EC_KEY;
+ es384_pk_from_EVP_PKEY;
+ es384_pk_from_ptr;
+ es384_pk_new;
+ es384_pk_to_EVP_PKEY;
+ fido_cbor_info_certs_len;
+ fido_cbor_info_certs_name_ptr;
+ fido_cbor_info_certs_value_ptr;
+ fido_cbor_info_maxrpid_minpinlen;
+ fido_cbor_info_minpinlen;
+ fido_cbor_info_new_pin_required;
+ fido_cbor_info_rk_remaining;
+ fido_cbor_info_uv_attempts;
+ fido_cbor_info_uv_modality.
* Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
* Experimental PCSC support; enable with -DUSE_PCSC.
* Improved OpenSSL 3.0 compatibility.
* Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
* winhello: advertise "uv" instead of "clientPin".
* winhello: support hmac-secret in fido_dev_get_assert().
* New API calls:
+ fido_cbor_info_maxlargeblob.
* Documentation and reliability fixes.
* Separate build and regress targets.
- Version 1.10.0 (2022-01-17)
* bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
* New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
* Cygwin and NetBSD build fixes.
* Documentation and reliability fixes.
* Support for TPM 2.0 attestation of COSE_ES256 credentials.
- Version 1.9.0 (2021-10-27)
* Enabled NFC support on Linux.
* Support for FIDO 2.1 "minPinLength" extension.
* Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
* Support for TPM 2.0 attestation.
* Support for device timeouts; see fido_dev_set_timeout().
* New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
* Reliability and portability fixes.
* Better handling of HID devices without identification strings; gh#381.
- Update to version 1.8.0:
* Better support for FIDO 2.1 authenticators.
* Support for attestation format 'none'.
* New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
* fido2-token: new -Sc option to update a resident credential.
* Documentation and reliability fixes.
* HID access serialisation on Linux.
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
* New API calls
* New fido_init flag to disable fido_dev_open’s U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
- Update to version 1.6.0:
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Create a udev subpackage and ship the udev rule.
Changes in python-fido2:
- update to 0.9.3:
* Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ
* Support the latest Windows webauthn.h API (included in Windows 11).
* Add product name and serial number to HidDescriptors.
* Remove the need for the uhid-freebsd dependency on FreeBSD.
- Update to version 0.9.1
* Add new CTAP error codes and improve handling of unknown codes.
* Client: API changes to better support extensions.
* Client.make_credential now returns a AuthenticatorAttestationResponse,
which holds the AttestationObject and ClientData, as well as any
client extension results for the credential.
* Client.get_assertion now returns an AssertionSelection object,
which is used to select between multiple assertions
* Renames: The CTAP1 and CTAP2 classes have been renamed to
Ctap1 and Ctap2, respectively.
* ClientPin: The ClientPin API has been restructured to support
multiple PIN protocols, UV tokens, and token permissions.
* CTAP 2.1 PRE: Several new features have been added for CTAP 2.1
* HID: The platform specific HID code has been revamped
- Version 0.8.1 (released 2019-11-25)
* Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified.
- Version 0.8.0 (released 2019-11-25)
* New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
* CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request.
* Fido2Client:
- make_credential/get_assertion now take WebAuthn options objects.
- timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event.
* Fido2Server:
- ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes.
- RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional.
- Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values.
- Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers.
- Fido2Server.timeout is now in ms and of type int.
* Support native WebAuthn API on Windows through WindowsClient.
- Version 0.7.2 (released 2019-10-24)
* Support for the TPM attestation format.
* Allow passing custom challenges to register/authenticate in Fido2Server.
* Bugfix: CTAP2 CANCEL command response handling fixed.
* Bugfix: Fido2Client fix handling of empty allow_list.
* Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail.
- Version 0.7.1 (released 2019-09-20)
* Enforce canonical CBOR on Authenticator responses by default.
* PCSC: Support extended APDUs.
* Server: Verify that UP flag is set.
* U2FFido2Server: Implement AppID exclusion extension.
* U2FFido2Server: Allow custom U2F facet verification.
* Bugfix: U2FFido2Server.authenticate_complete now returns the result.
- Version 0.7.0 (released 2019-06-17)
* Add support for NFC devices using PCSC.
* Add support for the hmac-secret Authenticator extension.
* Honor max credential ID length and number of credentials to Authenticator.
* Add close() method to CTAP devices to explicitly release their resources.
- Version 0.6.0 (released 2019-05-10)
* Don't fail if CTAP2 Info contains unknown fields.
* Replace cbor loads/dumps functions with encode/decode/decode_from.
* Server: Add support for AuthenticatorAttachment.
* Server: Add support for more key algorithms.
* Client: Expose CTAP2 Info object as Fido2Client.info.
Changes in yubikey-manager:
- Update to version 4.0.9 (released 2022-06-17)
* Dependency: Add support for python-fido2 1.x
* Fix: Drop stated support for Click 6 as features from 7 are being used.
- Update to version 4.0.8 (released 2022-01-31)
* Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential.
* Bugfix: Fix issue with displaying a Steam credential when it is the only account.
* Bugfix: Prevent installation of files in site-packages root.
* Bugfix: Fix cleanup logic in PIV for protected management key.
* Add support for token identifier when programming slot-based HOTP.
* Add support for programming NDEF in text mode.
* Dependency: Add support for Cryptography ⇐ 38.
- version update to 4.0.7
** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with
touch Steam credentials.
- version 4.0.6 (released 2021-09-08)
** Improve handling of YubiKey device reboots.
** More consistently mask PIN/password input in prompts.
** Support switching mode over CCID for YubiKey Edge.
** Run pkill from PATH instead of fixed location.
- version 4.0.5 (released 2021-07-16)
** Bugfix: Fix PIV feature detection for some YubiKey NEO versions.
** Bugfix: Fix argument short form for --period when adding TOTP credentials.
** Bugfix: More strict validation for some arguments, resulting in better error messages.
** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required.
** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -").
- Update to version 4.0.3
* Add support for fido reset over NFC.
* Bugfix: The --touch argument to piv change-management-key was
ignored.
* Bugfix: Don’t prompt for password when importing PIV key/cert
if file is invalid.
* Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO.
* Bugfix: Detect PKCS#12 format when outer sequence uses
indefinite length.
* Dependency: Add support for Click 8.
- Update to version 4.0.2
* Update device names
* Add read_info output to the --diagnose command, and show
exception types.
* Bugfix: Fix read_info for YubiKey Plus.
* Add support for YK5-based FIPS YubiKeys.
* Bugfix: Fix OTP device enumeration on Win32.
* Drop reliance on libusb and libykpersonalize.
* Support the "fido" and "otp" subcommands over NFC
* New "ykman --diagnose" command to aid in troubleshooting.
* New "ykman apdu" command for sending raw APDUs over the smart
card interface.
* New "yubikit" package added for custom development and advanced
scripting.
* OpenPGP: Add support for KDF enabled YubiKeys.
* Static password: Add support for FR, IT, UK and BEPO keyboard
layouts.
- Update to 3.1.1
* Add support for YubiKey 5C NFC
* OpenPGP: set-touch now performs compatibility checks before prompting for PIN
* OpenPGP: Improve error messages and documentation for set-touch
* PIV: read-object command no longer adds a trailing newline
* CLI: Hint at missing permissions when opening a device fails
* Linux: Improve error handling when pcscd is not running
* Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this!
* Bugfix: set-touch now accepts the cached-fixed option
* Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing
* Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate
* Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate
* Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception
- Version 3.1.0 (released 2019-08-20)
* Add support for YubiKey 5Ci
* OpenPGP: the info command now prints OpenPGP specification version as well
* OpenPGP: Update support for attestation to match OpenPGP v3.4
* PIV: Use UTC time for self-signed certificates
* OTP: Static password now supports the Norman keyboard layout
- Version 3.0.0 (released 2019-06-24)
* Add support for new YubiKey Preview and lightning form factor
* FIDO: Support for credential management
* OpenPGP: Support for OpenPGP attestation, cardholder certificates and
cached touch policies
* OTP: Add flag for using numeric keypad when sending digits
- Version 2.1.1 (released 2019-05-28)
* OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud
* Don’t automatically select the U2F applet on YubiKey NEO, it might be
blocked by the OS
* ChalResp: Always pad challenge correctly
* Bugfix: Don’t crash with older versions of cryptography
* Bugfix: Password was always prompted in OATH command, even if sent as
argument
Changes in yubikey-manager-qt:
- update to 1.2.5:
* Compatibility update for ykman 5.0.1.
* Update to Python 3.11.
* Update product images.
- Update to version 1.2.4 (released 2021-10-26)
* Update device names and images.
* PIV: Fix import of certificate.
- Update to version 1.2.3
* Improved error handling when using Security Key Series devices.
* PIV: Fix generation of certificate in slot 9c.
- Update to version 1.2.2
* Fix detection of YubiKey Plus
* Compatibility update for yubikey-manager 4.0
* Bugfix: Device caching with multiple devices
* Drop dependencies on libusb and libykpers.
* Add additional product names and images
- update to 1.1.5
* Add support for YubiKey 5C NFC
- Update to version 1.1.4
* OTP: Add option to upload YubiOTP credential to YubiCloud
* Linux: Show hint about pcscd service if opening device fails
* Bugfix: Signal handling now compatible with Python 3.8
- Version 1.1.3 (released 2019-08-20)
* Add suppport for YubiKey 5Ci
* PIV: Use UTC time for self-signed certificates
- Version 1.1.2 (released 2019-06-24)
* Add support for new YubiKey Preview
* PIV: The popup for the management key now have a "Use default" option
* Windows: Fix issue with importing PIV certificates
* Bugfix: generate static password now works correctly
libfido2-1-1.13.0-150400.5.3.1.x86_64.rpm
libfido2-1.13.0-150400.5.3.1.src.rpm
libfido2-1-1.13.0-150400.5.3.1.s390x.rpm
libfido2-1-1.13.0-150400.5.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-81
Recommended update for ceph
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ceph fixes the following issues:
- Fix FTBFS on gcc 13 (bsc#1201088)
- Fix FTBFS on s390x (bsc#1211090)
- ceph-volume: Fix regression in activate (bsc#1210243, bsc#1210314)
- cephadm: Fix NFS haproxy failover if active node disappears (bsc#1209621)
- cephadm: Mount host /etc/hosts for daemon containers in podman deployments (bsc#1210719)
- cmake: Patch boost source to support python 3.11 (bsc#1210944)
- mgr: Don't dump global config holding gil (bsc#1199880)
- mgr/cephadm: Fix handling of mgr upgrades with 3 or more mgrs (bsc#1210153)
- mgr/dashboard: allow to pass controls on iscsi disk create (bsc#1208820)
- mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' (bsc#1210784)
ceph-16.2.13.66+g54799ee0666-150400.3.9.2.src.rpm
librados2-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm
librbd1-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm
librados2-16.2.13.66+g54799ee0666-150400.3.9.2.aarch64.rpm
librbd1-16.2.13.66+g54799ee0666-150400.3.9.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3082
Security update for qemu
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for qemu fixes the following issues:
- CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414).
- CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205).
- CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
Bugfixes:
- hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993)
- Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740).
qemu-7.1.0-150500.49.6.1.src.rpm
qemu-7.1.0-150500.49.6.1.x86_64.rpm
qemu-accel-tcg-x86-7.1.0-150500.49.6.1.x86_64.rpm
qemu-audio-spice-7.1.0-150500.49.6.1.x86_64.rpm
qemu-block-curl-7.1.0-150500.49.6.1.x86_64.rpm
qemu-chardev-spice-7.1.0-150500.49.6.1.x86_64.rpm
qemu-guest-agent-7.1.0-150500.49.6.1.x86_64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.6.1.x86_64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.x86_64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.x86_64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.6.1.x86_64.rpm
qemu-ipxe-1.0.0+-150500.49.6.1.noarch.rpm
qemu-seabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm
qemu-sgabios-8-150500.49.6.1.noarch.rpm
qemu-tools-7.1.0-150500.49.6.1.x86_64.rpm
qemu-ui-opengl-7.1.0-150500.49.6.1.x86_64.rpm
qemu-ui-spice-core-7.1.0-150500.49.6.1.x86_64.rpm
qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm
qemu-x86-7.1.0-150500.49.6.1.x86_64.rpm
qemu-7.1.0-150500.49.6.1.s390x.rpm
qemu-audio-spice-7.1.0-150500.49.6.1.s390x.rpm
qemu-block-curl-7.1.0-150500.49.6.1.s390x.rpm
qemu-chardev-spice-7.1.0-150500.49.6.1.s390x.rpm
qemu-guest-agent-7.1.0-150500.49.6.1.s390x.rpm
qemu-hw-display-qxl-7.1.0-150500.49.6.1.s390x.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.s390x.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.s390x.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.6.1.s390x.rpm
qemu-s390x-7.1.0-150500.49.6.1.s390x.rpm
qemu-tools-7.1.0-150500.49.6.1.s390x.rpm
qemu-ui-opengl-7.1.0-150500.49.6.1.s390x.rpm
qemu-ui-spice-core-7.1.0-150500.49.6.1.s390x.rpm
qemu-7.1.0-150500.49.6.1.aarch64.rpm
qemu-arm-7.1.0-150500.49.6.1.aarch64.rpm
qemu-audio-spice-7.1.0-150500.49.6.1.aarch64.rpm
qemu-block-curl-7.1.0-150500.49.6.1.aarch64.rpm
qemu-chardev-spice-7.1.0-150500.49.6.1.aarch64.rpm
qemu-guest-agent-7.1.0-150500.49.6.1.aarch64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.6.1.aarch64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.aarch64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.aarch64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.6.1.aarch64.rpm
qemu-tools-7.1.0-150500.49.6.1.aarch64.rpm
qemu-ui-opengl-7.1.0-150500.49.6.1.aarch64.rpm
qemu-ui-spice-core-7.1.0-150500.49.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3850
Recommended update for evolution
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for evolution and its dependencies fixes the following issues:
evolution:
- Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858)
bogofilter, evolution-data-server, gcr, geocode-glib, gjs, glade, gnome-autoar,
gnome-desktop, gnome-online-accounts, gsl, gspell, gtkspell3, libcanberra, libgdata,
libgweather, libical, liboauth, libphonenumber, librest, libxkbcommon, mozjs78:
- Deliver missing direct and indirect dependencies of evolution
to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le and s390x
- There are NO code changes
libxkbcommon-1.3.0-150400.3.2.2.src.rpm
libxkbcommon0-1.3.0-150400.3.2.2.x86_64.rpm
libxkbcommon0-1.3.0-150400.3.2.2.s390x.rpm
libxkbcommon0-1.3.0-150400.3.2.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3817
Security update for containerd
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
containerd-1.6.21-150000.95.1.src.rpm
containerd-1.6.21-150000.95.1.x86_64.rpm
containerd-1.6.21-150000.95.1.s390x.rpm
containerd-1.6.21-150000.95.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3952
Security update for runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
runc-1.1.8-150000.49.1.src.rpm
runc-1.1.8-150000.49.1.x86_64.rpm
runc-1.1.8-150000.49.1.s390x.rpm
runc-1.1.8-150000.49.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3637
Recommended update for cloud-netconfig
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-netconfig fixes the following issues:
- Update to version 1.8:
- Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715)
cloud-netconfig-azure-1.8-150000.25.11.1.noarch.rpm
cloud-netconfig-azure-1.8-150000.25.11.1.src.rpm
cloud-netconfig-ec2-1.8-150000.25.11.1.noarch.rpm
cloud-netconfig-ec2-1.8-150000.25.11.1.src.rpm
cloud-netconfig-gce-1.8-150000.25.11.1.noarch.rpm
cloud-netconfig-gce-1.8-150000.25.11.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-3780
Recommended update hidapi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.
hidapi-0.10.1-150300.3.2.1.src.rpm
libhidapi-hidraw0-0.10.1-150300.3.2.1.x86_64.rpm
libhidapi-hidraw0-0.10.1-150300.3.2.1.s390x.rpm
libhidapi-hidraw0-0.10.1-150300.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1882
Security update for gstreamer-plugins-base
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
gstreamer-plugins-base-1.22.0-150500.3.8.2.src.rpm
gstreamer-plugins-base-1.22.0-150500.3.8.2.x86_64.rpm
libgstallocators-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstapp-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstaudio-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstgl-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstpbutils-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstriff-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgsttag-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
libgstvideo-1_0-0-1.22.0-150500.3.8.2.x86_64.rpm
gstreamer-plugins-base-1.22.0-150500.3.8.2.s390x.rpm
libgstallocators-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstapp-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstaudio-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstgl-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstpbutils-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstriff-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgsttag-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
libgstvideo-1_0-0-1.22.0-150500.3.8.2.s390x.rpm
gstreamer-plugins-base-1.22.0-150500.3.8.2.aarch64.rpm
libgstallocators-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstapp-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstaudio-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstgl-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstpbutils-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstriff-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgsttag-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
libgstvideo-1_0-0-1.22.0-150500.3.8.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3822
Security update for supportutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
supportutils-3.1.26-150300.7.35.21.1.noarch.rpm
supportutils-3.1.26-150300.7.35.21.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-3666
Security update for libxml2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
libxml2-2-2.10.3-150500.5.8.1.x86_64.rpm
libxml2-2.10.3-150500.5.8.1.src.rpm
libxml2-python-2.10.3-150500.5.8.1.src.rpm
libxml2-tools-2.10.3-150500.5.8.1.x86_64.rpm
python3-libxml2-2.10.3-150500.5.8.1.x86_64.rpm
libxml2-2-2.10.3-150500.5.8.1.s390x.rpm
libxml2-tools-2.10.3-150500.5.8.1.s390x.rpm
python3-libxml2-2.10.3-150500.5.8.1.s390x.rpm
libxml2-2-2.10.3-150500.5.8.1.aarch64.rpm
libxml2-tools-2.10.3-150500.5.8.1.aarch64.rpm
python3-libxml2-2.10.3-150500.5.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3707
Security update for cups
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
cups-2.2.7-150000.3.51.2.src.rpm
cups-config-2.2.7-150000.3.51.2.x86_64.rpm
libcups2-2.2.7-150000.3.51.2.x86_64.rpm
cups-config-2.2.7-150000.3.51.2.s390x.rpm
libcups2-2.2.7-150000.3.51.2.s390x.rpm
cups-config-2.2.7-150000.3.51.2.aarch64.rpm
libcups2-2.2.7-150000.3.51.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3654
Recommended update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.57.0
- Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.57.0
containerized-data-importer-1.57.0-150500.6.3.1.src.rpm
containerized-data-importer-manifests-1.57.0-150500.6.3.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-3655
Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
kubevirt was updated to fix:
- Fix leaking file descriptor
- Fix volume detach on hotplug attachment pod delete
- Fix leaking tickers
- Run helper pod as qemu user
- SCSI reservation: fix leftover mount and resource permissions
- Bump client-go (fix possible panic in discovery)
- Wait for new hotplug attachment pod to be ready
- Adapt the storage tests to the new populators flow
- Create export VM datavolumes compatible with populators
- Delete VMI prior to NFS server pod in tests
- Use compat cmdline options for virtiofsd
- Update to version 1.0.0
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.0
- Switch to qemu user (107)
- Initial container for qemu-pr-helper
kubevirt-1.0.0-150500.8.3.1.src.rpm
kubevirt-manifests-1.0.0-150500.8.3.1.x86_64.rpm
kubevirt-virtctl-1.0.0-150500.8.3.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-3954
Security update for libeconf
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078)
libeconf-0.5.2-150400.3.6.1.src.rpm
libeconf0-0.5.2-150400.3.6.1.x86_64.rpm
libeconf0-0.5.2-150400.3.6.1.s390x.rpm
libeconf0-0.5.2-150400.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3716
Recommended update for libnvme, nvme-cli
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libnvme, nvme-cli fixes the following issues:
- Update to version 1.4+29.ga3cf0a
- Fix segfault in nvme_scan_subsystem() (bsc#1213993)
- Fix segfault converting NULL to JSON string (bsc#1213762)
libnvme-1.4+29.ga3cf0a-150500.4.9.1.src.rpm
libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm
libnvme1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm
nvme-cli-2.4+25.g367eb9-150500.4.9.1.src.rpm
nvme-cli-2.4+25.g367eb9-150500.4.9.1.x86_64.rpm
libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm
libnvme1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm
nvme-cli-2.4+25.g367eb9-150500.4.9.1.s390x.rpm
libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm
libnvme1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm
nvme-cli-2.4+25.g367eb9-150500.4.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3843
Recommended update for suse-build-key
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issues:
This update adds and runs a import-suse-build-key script.
It is run after installation with libzypp based installers. (jsc#PED-2777)
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
suse-build-key-12.0-150000.8.34.1.noarch.rpm
suse-build-key-12.0-150000.8.34.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-3663
Recommended update for perl-Bootloader
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for perl-Bootloader fixes the following issues:
- bootloader_entry script can have an optional 'force-default'
argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
perl-Bootloader-0.945-150400.3.9.1.src.rpm
perl-Bootloader-0.945-150400.3.9.1.x86_64.rpm
perl-Bootloader-0.945-150400.3.9.1.s390x.rpm
perl-Bootloader-0.945-150400.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3828
Security update for python3
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
libpython3_6m1_0-3.6.15-150300.10.51.1.x86_64.rpm
python3-3.6.15-150300.10.51.1.src.rpm
python3-3.6.15-150300.10.51.1.x86_64.rpm
python3-base-3.6.15-150300.10.51.1.x86_64.rpm
python3-core-3.6.15-150300.10.51.1.src.rpm
libpython3_6m1_0-3.6.15-150300.10.51.1.s390x.rpm
python3-3.6.15-150300.10.51.1.s390x.rpm
python3-base-3.6.15-150300.10.51.1.s390x.rpm
libpython3_6m1_0-3.6.15-150300.10.51.1.aarch64.rpm
python3-3.6.15-150300.10.51.1.aarch64.rpm
python3-base-3.6.15-150300.10.51.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4052
Recommended update for babeltrace
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update ships missing babeltrace-devel to the Basesystem module
to allow building gdb source rpms. (bsc#1209275)
babeltrace-1.5.8-150300.3.2.1.src.rpm
babeltrace-1.5.8-150300.3.2.1.x86_64.rpm
babeltrace-1.5.8-150300.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3798
Recommended update for libcontainers-common
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libcontainers-common fixes the following issues:
- Require libcontainers-sles-mounts for *all* SLE products,
and not just SLES. (bsc#1215291)
libcontainers-common-20230214-150500.4.6.1.noarch.rpm
libcontainers-common-20230214-150500.4.6.1.src.rpm
libcontainers-sles-mounts-20230214-150500.4.6.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4162
Security update for gcc13
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
gcc13-13.2.1+git7813-150000.1.3.3.src.rpm
libgcc_s1-13.2.1+git7813-150000.1.3.3.x86_64.rpm
libstdc++6-13.2.1+git7813-150000.1.3.3.x86_64.rpm
libgcc_s1-13.2.1+git7813-150000.1.3.3.s390x.rpm
libstdc++6-13.2.1+git7813-150000.1.3.3.s390x.rpm
libgcc_s1-13.2.1+git7813-150000.1.3.3.aarch64.rpm
libstdc++6-13.2.1+git7813-150000.1.3.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4194
Feature update for python3
low
SUSE Updates openSUSE-Leap-Micro 5.5
This feature update for python3 packages adds the following:
- First batch of python3.11 modules (jsc#PED-68)
- Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate
the new 3.11 versions, this 3 packages have no code changes.
python3-cryptography-3.3.2-150400.20.3.src.rpm
python3-cryptography-3.3.2-150400.20.3.x86_64.rpm
python3-cryptography-3.3.2-150400.20.3.s390x.rpm
python3-cryptography-3.3.2-150400.20.3.ppc64le.rpm
python3-cryptography-3.3.2-150400.20.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4153
Recommended update for systemd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd fixes the following issues:
- Fix mismatch of nss-resolve version in Package Hub (no source code changes)
libsystemd0-249.16-150400.8.35.5.x86_64.rpm
libudev1-249.16-150400.8.35.5.x86_64.rpm
systemd-249.16-150400.8.35.5.src.rpm
systemd-249.16-150400.8.35.5.x86_64.rpm
systemd-container-249.16-150400.8.35.5.x86_64.rpm
systemd-journal-remote-249.16-150400.8.35.5.x86_64.rpm
systemd-sysvinit-249.16-150400.8.35.5.x86_64.rpm
udev-249.16-150400.8.35.5.x86_64.rpm
libsystemd0-249.16-150400.8.35.5.s390x.rpm
libudev1-249.16-150400.8.35.5.s390x.rpm
systemd-249.16-150400.8.35.5.s390x.rpm
systemd-container-249.16-150400.8.35.5.s390x.rpm
systemd-journal-remote-249.16-150400.8.35.5.s390x.rpm
systemd-sysvinit-249.16-150400.8.35.5.s390x.rpm
udev-249.16-150400.8.35.5.s390x.rpm
libsystemd0-249.16-150400.8.35.5.aarch64.rpm
libudev1-249.16-150400.8.35.5.aarch64.rpm
systemd-249.16-150400.8.35.5.aarch64.rpm
systemd-container-249.16-150400.8.35.5.aarch64.rpm
systemd-journal-remote-249.16-150400.8.35.5.aarch64.rpm
systemd-sysvinit-249.16-150400.8.35.5.aarch64.rpm
udev-249.16-150400.8.35.5.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4154
Recommended update for aaa_base
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aaa_base fixes the following issues:
- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)
aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.x86_64.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.s390x.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4141
Security update for grub2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
grub2-2.06-150500.29.8.1.src.rpm
grub2-2.06-150500.29.8.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.8.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.8.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.8.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.8.1.noarch.rpm
grub2-2.06-150500.29.8.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.8.1.s390x.rpm
grub2-2.06-150500.29.8.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.8.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-3978
Recommended update for nfs-utils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nfs-utils fixes the following issues:
- SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710)
- Avoid unhelpful warnings (bsc#1157881)
- Fix rpc.nfsd man pages (bsc#1209859)
- Cope better with duplicate entries in /etc/exports (bsc#1212594)
- Allow scope to be set in sysconfig: NFSD_SCOPE
nfs-client-2.1.1-150500.22.3.1.x86_64.rpm
nfs-kernel-server-2.1.1-150500.22.3.1.x86_64.rpm
nfs-utils-2.1.1-150500.22.3.1.src.rpm
nfs-client-2.1.1-150500.22.3.1.s390x.rpm
nfs-kernel-server-2.1.1-150500.22.3.1.s390x.rpm
nfs-client-2.1.1-150500.22.3.1.aarch64.rpm
nfs-kernel-server-2.1.1-150500.22.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3971
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
- SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi: Allow extra bugsints (bsc#1213927).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
kernel-default-5.14.21-150500.55.28.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.28.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.src.rpm
True
kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.x86_64.rpm
True
kernel-default-5.14.21-150500.55.28.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.28.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4304
Recommended update for cloud-regionsrv-client
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client fixes the following issues:
- Update to version 10.1.3 (bsc#1214801):
* Fixes an issue when it is unable to register a 'payg' instance.
cloud-regionsrv-client-10.1.3-150000.6.99.1.noarch.rpm
cloud-regionsrv-client-10.1.3-150000.6.99.1.src.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1.noarch.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1.noarch.rpm
cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1.noarch.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-3951
Recommended update for python3-jmespath, python3-ply
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3-jmespath and python3-ply fixes the following issue:
- the packages are required as dependencies for python3-salt, and were missing
on aarch64 based SLE Micro flavors so far.
There are no functional changes.
python-jmespath-0.9.3-150000.3.5.1.src.rpm
python-ply-3.10-150000.3.5.1.src.rpm
python3-jmespath-0.9.3-150000.3.5.1.noarch.rpm
python3-ply-3.10-150000.3.5.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-3997
Security update for nghttp2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
libnghttp2-14-1.40.0-150200.9.1.x86_64.rpm
nghttp2-1.40.0-150200.9.1.src.rpm
libnghttp2-14-1.40.0-150200.9.1.s390x.rpm
libnghttp2-14-1.40.0-150200.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3988
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192).
- CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes).
- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
- Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi/severities: ignore mlx4 internal symbols
- kabi: Allow extra bugsints (bsc#1213927).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs.
- rpmsg: glink: Add check for kstrdup (git-fixes).
- rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension).
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
kernel-rt-5.14.21-150500.13.18.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.18.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2023-3963
Security update for libX11
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
libX11-1.6.5-150000.3.33.1.src.rpm
libX11-6-1.6.5-150000.3.33.1.x86_64.rpm
libX11-data-1.6.5-150000.3.33.1.noarch.rpm
libX11-xcb1-1.6.5-150000.3.33.1.x86_64.rpm
libX11-6-1.6.5-150000.3.33.1.s390x.rpm
libX11-xcb1-1.6.5-150000.3.33.1.s390x.rpm
libX11-6-1.6.5-150000.3.33.1.aarch64.rpm
libX11-xcb1-1.6.5-150000.3.33.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4143
Recommended update for brltty, harfbuzz, libcdr, libmspub, libreoffice, libzmf, tepl, vte
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023.
This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty.
harfbuzz-3.4.0-150400.3.8.1.src.rpm
libharfbuzz-gobject0-3.4.0-150400.3.8.1.x86_64.rpm
libharfbuzz0-3.4.0-150400.3.8.1.x86_64.rpm
typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.x86_64.rpm
libharfbuzz-gobject0-3.4.0-150400.3.8.1.s390x.rpm
libharfbuzz0-3.4.0-150400.3.8.1.s390x.rpm
typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.s390x.rpm
libharfbuzz-gobject0-3.4.0-150400.3.8.1.aarch64.rpm
libharfbuzz0-3.4.0-150400.3.8.1.aarch64.rpm
typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3970
Recommended update for dracut
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for dracut fixes the following issues:
- Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578)
dracut-055+suse.371.g5237e44a-150500.3.12.1.src.rpm
dracut-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm
dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm
dracut-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm
dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm
dracut-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm
dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-3994
Recommended update for git
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for git fixes the following issues:
- Downgrade openssh dependency to recommends (bsc#1215533)
git-2.35.3-150300.10.30.1.src.rpm
git-2.35.3-150300.10.30.1.x86_64.rpm
git-core-2.35.3-150300.10.30.1.x86_64.rpm
perl-Git-2.35.3-150300.10.30.1.x86_64.rpm
git-2.35.3-150300.10.30.1.s390x.rpm
git-core-2.35.3-150300.10.30.1.s390x.rpm
perl-Git-2.35.3-150300.10.30.1.s390x.rpm
git-2.35.3-150300.10.30.1.aarch64.rpm
git-core-2.35.3-150300.10.30.1.aarch64.rpm
perl-Git-2.35.3-150300.10.30.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4110
Security update for glibc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
glibc-2.31-150300.63.1.src.rpm
glibc-2.31-150300.63.1.x86_64.rpm
glibc-devel-2.31-150300.63.1.x86_64.rpm
glibc-locale-2.31-150300.63.1.x86_64.rpm
glibc-locale-base-2.31-150300.63.1.x86_64.rpm
glibc-2.31-150300.63.1.s390x.rpm
glibc-devel-2.31-150300.63.1.s390x.rpm
glibc-locale-2.31-150300.63.1.s390x.rpm
glibc-locale-base-2.31-150300.63.1.s390x.rpm
glibc-2.31-150300.63.1.aarch64.rpm
glibc-devel-2.31-150300.63.1.aarch64.rpm
glibc-locale-2.31-150300.63.1.aarch64.rpm
glibc-locale-base-2.31-150300.63.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4112
Recommended update for open-vm-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-vm-tools fixes the following issue:
- Ship correct open-vm-tools version to 15-SP4 (bsc#1205927)
libvmtools0-12.3.0-150300.40.1.x86_64.rpm
open-vm-tools-12.3.0-150300.40.1.src.rpm
open-vm-tools-12.3.0-150300.40.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4231
Recommended update for python-kiwi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Add SECURE_BOOT no when the firmware is efi (bsc#1211102)
dracut-kiwi-lib-9.24.43-150100.3.62.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.62.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.62.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.62.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4088
Recommended update for libguestfs
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libguestfs fixes the following issues:
- Unable to determine guest architecture (bsc#1215543, bsc#1215461)
- Non-functional network due to missing sysconfig-netconfig (bsc#1215586)
- Cannot find any suitable libguestfs supermin (bsc#1212972, bsc#1215664)
libguestfs-1.48.6-150500.3.8.1.src.rpm
libguestfs0-1.48.6-150500.3.8.1.x86_64.rpm
libguestfs0-1.48.6-150500.3.8.1.s390x.rpm
libguestfs0-1.48.6-150500.3.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4003
Recommended update for apparmor
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for apparmor fixes the following issues:
- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)
apparmor-3.0.4-150500.11.9.1.src.rpm
apparmor-parser-3.0.4-150500.11.9.1.x86_64.rpm
libapparmor-3.0.4-150500.11.9.1.src.rpm
libapparmor1-3.0.4-150500.11.9.1.x86_64.rpm
pam_apparmor-3.0.4-150500.11.9.1.x86_64.rpm
apparmor-parser-3.0.4-150500.11.9.1.s390x.rpm
libapparmor1-3.0.4-150500.11.9.1.s390x.rpm
pam_apparmor-3.0.4-150500.11.9.1.s390x.rpm
apparmor-parser-3.0.4-150500.11.9.1.aarch64.rpm
libapparmor1-3.0.4-150500.11.9.1.aarch64.rpm
pam_apparmor-3.0.4-150500.11.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4138
Recommended update for systemd-rpm-macros
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd-rpm-macros fixes the following issues:
- Switch to `systemd-hwdb` tool when updating the HW database. It's been
introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
systemd-rpm-macros-14-150000.7.36.1.noarch.rpm
systemd-rpm-macros-14-150000.7.36.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4177
Recommended update for sssd
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sssd fixes the following issues:
- LDAP password policy: return failure if there are no grace logins left (bsc#1214434)
libsss_certmap0-2.5.2-150500.10.6.1.x86_64.rpm
libsss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm
sssd-2.5.2-150500.10.6.1.src.rpm
sssd-2.5.2-150500.10.6.1.x86_64.rpm
sssd-common-2.5.2-150500.10.6.1.x86_64.rpm
sssd-krb5-common-2.5.2-150500.10.6.1.x86_64.rpm
sssd-ldap-2.5.2-150500.10.6.1.x86_64.rpm
libsss_certmap0-2.5.2-150500.10.6.1.s390x.rpm
libsss_idmap0-2.5.2-150500.10.6.1.s390x.rpm
libsss_nss_idmap0-2.5.2-150500.10.6.1.s390x.rpm
sssd-2.5.2-150500.10.6.1.s390x.rpm
sssd-common-2.5.2-150500.10.6.1.s390x.rpm
sssd-krb5-common-2.5.2-150500.10.6.1.s390x.rpm
sssd-ldap-2.5.2-150500.10.6.1.s390x.rpm
libsss_certmap0-2.5.2-150500.10.6.1.aarch64.rpm
libsss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm
libsss_nss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm
sssd-2.5.2-150500.10.6.1.aarch64.rpm
sssd-common-2.5.2-150500.10.6.1.aarch64.rpm
sssd-krb5-common-2.5.2-150500.10.6.1.aarch64.rpm
sssd-ldap-2.5.2-150500.10.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4453
Recommended update for libjansson
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.
libjansson-2.14-150000.3.5.1.src.rpm
libjansson4-2.14-150000.3.5.1.x86_64.rpm
libjansson4-2.14-150000.3.5.1.s390x.rpm
libjansson4-2.14-150000.3.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4044
Security update for curl
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
curl-8.0.1-150400.5.32.1.src.rpm
curl-8.0.1-150400.5.32.1.x86_64.rpm
libcurl4-8.0.1-150400.5.32.1.x86_64.rpm
curl-8.0.1-150400.5.32.1.s390x.rpm
libcurl4-8.0.1-150400.5.32.1.s390x.rpm
curl-8.0.1-150400.5.32.1.aarch64.rpm
libcurl4-8.0.1-150400.5.32.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4022
Security update for conmon
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for conmon fixes the following issues:
conmon is rebuild with go1.21 to capture current stability, bug and security fixes. (bsc#1215806)
conmon-2.1.7-150500.9.6.1.src.rpm
conmon-2.1.7-150500.9.6.1.x86_64.rpm
conmon-2.1.7-150500.9.6.1.s390x.rpm
conmon-2.1.7-150500.9.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4450
Recommended update for crypto-policies
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for crypto-policies fixes the following issues:
- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands
(jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby
and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent
(bsc#1209998)
crypto-policies-20210917.c9d86d1-150400.3.6.1.noarch.rpm
crypto-policies-20210917.c9d86d1-150400.3.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4046
Security update for samba
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908)
samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1.src.rpm
samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.x86_64.rpm
samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.s390x.rpm
samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4071
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
kernel-default-5.14.21-150500.55.31.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.31.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.src.rpm
True
kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.x86_64.rpm
True
kernel-default-5.14.21-150500.55.31.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.31.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4601
Recommended update for suseconnect-ng
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issues:
- Update to version 1.4.0~git0.b0f7c25bfdfa
- Added EULA display for addons (bsc#1170267)
- Fix zypper argument for auto-agreeing licenses (bsc#1214781)
- Enable building on SLE12 SP5 (jsc#PED-3179)
- Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799)
- Improve error message if product set more than once
suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.src.rpm
suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.x86_64.rpm
suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.s390x.rpm
suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4108
Security update for python-urllib3
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
python-urllib3-1.25.10-150300.4.6.1.src.rpm
python3-urllib3-1.25.10-150300.4.6.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4035
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
The following non-security bugs were fixed:
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
kernel-rt-5.14.21-150500.13.21.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.21.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4054
Security update for xen
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
xen-4.17.2_06-150500.3.12.1.src.rpm
xen-libs-4.17.2_06-150500.3.12.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4076
Security update for cni
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
cni-1.1.2-150500.3.2.1.src.rpm
cni-1.1.2-150500.3.2.1.x86_64.rpm
cni-1.1.2-150500.3.2.1.s390x.rpm
cni-1.1.2-150500.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4075
Security update for cni-plugins
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
cni-plugins-1.1.1-150500.3.2.1.src.rpm
cni-plugins-1.1.1-150500.3.2.1.x86_64.rpm
cni-plugins-1.1.1-150500.3.2.1.s390x.rpm
cni-plugins-1.1.1-150500.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4089
Security update for opensc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
opensc-0.22.0-150400.3.6.1.src.rpm
opensc-0.22.0-150400.3.6.1.x86_64.rpm
opensc-0.22.0-150400.3.6.1.s390x.rpm
opensc-0.22.0-150400.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4105
Recommended update for openssl-1_1
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- Displays "fips" in the version string (bsc#1215215)
libopenssl-1_1-devel-1.1.1l-150500.17.19.1.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.19.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.19.1.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.19.1.src.rpm
openssl-1_1-1.1.1l-150500.17.19.1.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.19.1.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.19.1.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.19.1.s390x.rpm
openssl-1_1-1.1.1l-150500.17.19.1.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.19.1.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.19.1.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.19.1.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.19.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4388
Security update for salt
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
python-simplejson-3.17.2-150300.3.4.1.src.rpm
True
python3-simplejson-3.17.2-150300.3.4.1.x86_64.rpm
True
python3-simplejson-3.17.2-150300.3.4.1.s390x.rpm
True
python3-simplejson-3.17.2-150300.3.4.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4386
Security update for salt
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
python3-salt-3006.0-150500.4.24.2.x86_64.rpm
True
salt-3006.0-150500.4.24.2.src.rpm
True
salt-3006.0-150500.4.24.2.x86_64.rpm
True
salt-minion-3006.0-150500.4.24.2.x86_64.rpm
True
salt-transactional-update-3006.0-150500.4.24.2.x86_64.rpm
True
python3-salt-3006.0-150500.4.24.2.s390x.rpm
True
salt-3006.0-150500.4.24.2.s390x.rpm
True
salt-minion-3006.0-150500.4.24.2.s390x.rpm
True
salt-transactional-update-3006.0-150500.4.24.2.s390x.rpm
True
python3-salt-3006.0-150500.4.24.2.aarch64.rpm
True
salt-3006.0-150500.4.24.2.aarch64.rpm
True
salt-minion-3006.0-150500.4.24.2.aarch64.rpm
True
salt-transactional-update-3006.0-150500.4.24.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4936
Security update for docker, rootlesskit
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-24.0.7_ce-150000.190.4.src.rpm
docker-24.0.7_ce-150000.190.4.x86_64.rpm
docker-24.0.7_ce-150000.190.4.s390x.rpm
docker-24.0.7_ce-150000.190.4.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4139
Recommended update for containerd, runc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for containerd, runc fixes the following issues:
runc was updated to v1.1.9. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.9
containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes:
- https://github.com/containerd/containerd/releases/tag/v1.7.7
- https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323
- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
Kubernetes packages
containerd-1.7.7-150000.100.1.src.rpm
containerd-1.7.7-150000.100.1.x86_64.rpm
runc-1.1.9-150000.52.2.src.rpm
runc-1.1.9-150000.52.2.x86_64.rpm
containerd-1.7.7-150000.100.1.s390x.rpm
runc-1.1.9-150000.52.2.s390x.rpm
containerd-1.7.7-150000.100.1.aarch64.rpm
runc-1.1.9-150000.52.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4538
Recommended update for screen
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for screen fixes the following issue:
- screen is shipped to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5.
screen-4.6.2-150000.5.5.1.src.rpm
screen-4.6.2-150000.5.5.1.x86_64.rpm
screen-4.6.2-150000.5.5.1.s390x.rpm
screen-4.6.2-150000.5.5.1.ppc64le.rpm
screen-4.6.2-150000.5.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4268
Recommended update for pciutils
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for pciutils fixes the following issues:
- Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265)
libpci3-3.5.6-150300.13.6.1.x86_64.rpm
pciutils-3.5.6-150300.13.6.1.src.rpm
pciutils-3.5.6-150300.13.6.1.x86_64.rpm
libpci3-3.5.6-150300.13.6.1.s390x.rpm
pciutils-3.5.6-150300.13.6.1.s390x.rpm
libpci3-3.5.6-150300.13.6.1.aarch64.rpm
pciutils-3.5.6-150300.13.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4136
Security update for suse-module-tools
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.3:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
suse-module-tools-15.5.3-150500.3.6.1.src.rpm
suse-module-tools-15.5.3-150500.3.6.1.x86_64.rpm
suse-module-tools-15.5.3-150500.3.6.1.s390x.rpm
suse-module-tools-15.5.3-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4192
Recommended update for libssh2_org
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake "unity" builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed "old gex" build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
libssh2-1-1.11.0-150000.4.19.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.19.1.src.rpm
libssh2-1-1.11.0-150000.4.19.1.s390x.rpm
libssh2-1-1.11.0-150000.4.19.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4897
Optional update for openslp
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openslp bumps the version number to ensure a clean upgrade path from SLE-12 to SLE-15.
This is a no-change rebuild of the packages already available in SLE-15.
openslp-2.0.0-150000.6.17.1.src.rpm
openslp-2.0.0-150000.6.17.1.x86_64.rpm
openslp-2.0.0-150000.6.17.1.s390x.rpm
openslp-2.0.0-150000.6.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4711
Recommended update for wireless-regdb
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wireless-regdb fixes the following issues:
- Update all regulatory rules(v.20230901) for various countries (bsc#1029961)
wireless-regdb-20230901-150000.3.17.1.noarch.rpm
wireless-regdb-20230901-150000.3.17.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4200
Security update for nghttp2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
libnghttp2-14-1.40.0-150200.12.1.x86_64.rpm
nghttp2-1.40.0-150200.12.1.src.rpm
libnghttp2-14-1.40.0-150200.12.1.s390x.rpm
libnghttp2-14-1.40.0-150200.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4225
Security update for zchunk
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
libzck1-1.1.16-150400.3.7.1.x86_64.rpm
zchunk-1.1.16-150400.3.7.1.src.rpm
libzck1-1.1.16-150400.3.7.1.s390x.rpm
libzck1-1.1.16-150400.3.7.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4215
Security update for zlib
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
libz1-1.2.13-150500.4.3.1.x86_64.rpm
zlib-1.2.13-150500.4.3.1.src.rpm
zlib-devel-1.2.13-150500.4.3.1.x86_64.rpm
libz1-1.2.13-150500.4.3.1.s390x.rpm
zlib-devel-1.2.13-150500.4.3.1.s390x.rpm
libz1-1.2.13-150500.4.3.1.aarch64.rpm
zlib-devel-1.2.13-150500.4.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-22
Recommended update for libica, openssl-ibmca
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libica, openssl-ibmca fixes the following issues:
Changes in libica:
- Added library in openssl3 flavor [bsc#1207472]
Changes in openssl-ibmca:
- Add a additional openssl engine for openssl 3 [bsc#1207472]
libica-4.2.1-150500.3.3.7.src.rpm
libica-tools-4.2.1-150500.3.3.7.s390x.rpm
libica4-4.2.1-150500.3.3.7.s390x.rpm
openssl-ibmca-2.4.0-150500.6.3.1.s390x.rpm
openssl-ibmca-2.4.0-150500.6.3.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4937
Recommended update for sg3_utils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sg3_utils fixes the following issues:
- Update to version 1.47+15.b6898b8
- L3-Question: rescan-scsi-bus.sh resize not detected (bsc#1215720).
- Packman Discord package upgrade lockout defeat inoperative (bsc#1216355).
- sg3_utils package doesn't rebuild initrd (bsc#1215772).
- rescan-scsi-bus.sh: improve cleanup on exit (gh#doug-gilbert/sg3_utils#44)
libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm
sg3_utils-1.47+15.b6898b8-150400.3.11.1.src.rpm
sg3_utils-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm
libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.s390x.rpm
sg3_utils-1.47+15.b6898b8-150400.3.11.1.s390x.rpm
libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.aarch64.rpm
sg3_utils-1.47+15.b6898b8-150400.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4310
Recommended update for libtirpc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This Update for libtirpc to 1.3.4, fixing the following issues:
Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
- replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage
Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
- replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
- preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
The unsupported AUTH_DES authentication has be
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir
libtirpc-1.3.4-150300.3.20.1.src.rpm
libtirpc-netconfig-1.3.4-150300.3.20.1.x86_64.rpm
libtirpc3-1.3.4-150300.3.20.1.x86_64.rpm
libtirpc-netconfig-1.3.4-150300.3.20.1.s390x.rpm
libtirpc3-1.3.4-150300.3.20.1.s390x.rpm
libtirpc-netconfig-1.3.4-150300.3.20.1.aarch64.rpm
libtirpc3-1.3.4-150300.3.20.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4227
Security update for open-vm-tools
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
libvmtools0-12.3.0-150300.43.1.x86_64.rpm
open-vm-tools-12.3.0-150300.43.1.src.rpm
open-vm-tools-12.3.0-150300.43.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4583
Feature update for python-psutil
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-psutil, python-requests fixes the following issues:
- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the
module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS
- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).
python-psutil-5.9.1-150300.3.6.1.src.rpm
python-requests-2.25.1-150300.3.6.1.src.rpm
python3-psutil-5.9.1-150300.3.6.1.x86_64.rpm
python3-requests-2.25.1-150300.3.6.1.noarch.rpm
python3-psutil-5.9.1-150300.3.6.1.s390x.rpm
python3-psutil-5.9.1-150300.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4716
Recommended update for git
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for git fixes the following issues:
- Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501).
- gitweb.cgi AppArmor profile
- make the profile a named profile
- add local/include to make custom additions easier
git-2.35.3-150300.10.33.1.src.rpm
git-2.35.3-150300.10.33.1.x86_64.rpm
git-core-2.35.3-150300.10.33.1.x86_64.rpm
perl-Git-2.35.3-150300.10.33.1.x86_64.rpm
git-2.35.3-150300.10.33.1.s390x.rpm
git-core-2.35.3-150300.10.33.1.s390x.rpm
perl-Git-2.35.3-150300.10.33.1.s390x.rpm
git-2.35.3-150300.10.33.1.aarch64.rpm
git-core-2.35.3-150300.10.33.1.aarch64.rpm
perl-Git-2.35.3-150300.10.33.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4534
Recommended update for libzypp, zypper
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libzypp, zypper fixes the following issues:
- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)
libzypp-17.31.22-150400.3.43.1.src.rpm
True
libzypp-17.31.22-150400.3.43.1.x86_64.rpm
True
zypper-1.14.66-150400.3.35.1.src.rpm
True
zypper-1.14.66-150400.3.35.1.x86_64.rpm
True
zypper-needs-restarting-1.14.66-150400.3.35.1.noarch.rpm
True
libzypp-17.31.22-150400.3.43.1.s390x.rpm
True
zypper-1.14.66-150400.3.35.1.s390x.rpm
True
libzypp-17.31.22-150400.3.43.1.aarch64.rpm
True
zypper-1.14.66-150400.3.35.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4467
Security update for python-urllib3
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
python-urllib3-1.25.10-150300.4.9.1.src.rpm
python3-urllib3-1.25.10-150300.4.9.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4644
Recommended update for psmisc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for psmisc fixes the following issues:
- Fix version number when building the package
psmisc-23.0-150000.6.25.1.src.rpm
psmisc-23.0-150000.6.25.1.x86_64.rpm
psmisc-23.0-150000.6.25.1.s390x.rpm
psmisc-23.0-150000.6.25.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4700
Recommended update for p11-kit
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for p11-kit fixes the following issues:
- Ensure that programs using <p11-kit/pkcs11x.h> can be compiled with CRYPTOKI_GNU.
Fixes GnuTLS builds (jsc#PED-6705).
libp11-kit0-0.23.22-150500.8.3.1.x86_64.rpm
p11-kit-0.23.22-150500.8.3.1.src.rpm
p11-kit-0.23.22-150500.8.3.1.x86_64.rpm
p11-kit-tools-0.23.22-150500.8.3.1.x86_64.rpm
libp11-kit0-0.23.22-150500.8.3.1.s390x.rpm
p11-kit-0.23.22-150500.8.3.1.s390x.rpm
p11-kit-tools-0.23.22-150500.8.3.1.s390x.rpm
libp11-kit0-0.23.22-150500.8.3.1.aarch64.rpm
p11-kit-0.23.22-150500.8.3.1.aarch64.rpm
p11-kit-tools-0.23.22-150500.8.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4503
Security update for avahi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
avahi-0.8-150400.7.10.1.src.rpm
avahi-0.8-150400.7.10.1.x86_64.rpm
libavahi-client3-0.8-150400.7.10.1.x86_64.rpm
libavahi-common3-0.8-150400.7.10.1.x86_64.rpm
libavahi-core7-0.8-150400.7.10.1.x86_64.rpm
avahi-0.8-150400.7.10.1.s390x.rpm
libavahi-client3-0.8-150400.7.10.1.s390x.rpm
libavahi-common3-0.8-150400.7.10.1.s390x.rpm
libavahi-core7-0.8-150400.7.10.1.s390x.rpm
avahi-0.8-150400.7.10.1.aarch64.rpm
libavahi-client3-0.8-150400.7.10.1.aarch64.rpm
libavahi-common3-0.8-150400.7.10.1.aarch64.rpm
libavahi-core7-0.8-150400.7.10.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4375
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past "commit" (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update "shortest_full" in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the "HWVers" register address (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
kernel-default-5.14.21-150500.55.36.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.36.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.src.rpm
True
kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.x86_64.rpm
True
kernel-default-5.14.21-150500.55.36.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.36.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4591
Security update for squashfs
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the "fragment
table" fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* "Non-anchored" excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows "." to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for "corrupted" filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new "experts" category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use "max open file limit" when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports "Actions".
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file "R" definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports "exclude" files.
* Max depth traversal option added.
* Unsquashfs can now output a "Pseudo file" representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs "-stat" output.
* Unsquashfs "write outside directory" exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
squashfs-4.6.1-150300.3.3.1.src.rpm
squashfs-4.6.1-150300.3.3.1.x86_64.rpm
squashfs-4.6.1-150300.3.3.1.s390x.rpm
squashfs-4.6.1-150300.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4525
Recommended update for samba
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for samba fixes the following issues:
- Update to samba 4.17.12
- Some filenames can cause assert to fail in openat_pathref_fsp_nosymlink
- reply_sesssetup_and_X() can dereference uninitialized tmp pointer
- Missing return in reply_exit_done()
- TREE_CONNECT without SETUP causes smbd to use uninitialized pointer
- Improve GetNChanges to address synchronization tool looping during the initial user sync phase
- Samba replication logs show (null) DN
- Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination
- Spotlight results return wrong date in result list
- Delays at reconnect with smb2_validate_sequence_number: bad message_id 2
- samba-tool ntacl get segfault if aio_pthread appended
- DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed
- File doesn't show when user doesn't have permission if aio_pthread is loaded
- net ads lookup with unspecified realm fails
- Regression DFS not working with widelinks = true (bsc#1213607);
- ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1
- mdssvc: Do an early talloc_free() in _mdssvc_open()
- Windows client join fails if a second container CN=System exists somewhere
- Fix crossing automounter mount points (bsc#1215212)
samba-4.17.12+git.427.2619dc0bed-150500.3.14.1.src.rpm
samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.x86_64.rpm
samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.s390x.rpm
samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4440
Security update for ucode-intel
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ucode-intel-20231113-150200.32.1.src.rpm
ucode-intel-20231113-150200.32.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4370
Security update for tiff
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
libtiff5-4.0.9-150000.45.32.1.x86_64.rpm
tiff-4.0.9-150000.45.32.1.src.rpm
libtiff5-4.0.9-150000.45.32.1.s390x.rpm
libtiff5-4.0.9-150000.45.32.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4446
Recommended update for open-vm-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-vm-tools fixes the following issues:
- Update to 12.3.5 (bsc#1216670)
libvmtools0-12.3.5-150300.46.1.x86_64.rpm
open-vm-tools-12.3.5-150300.46.1.src.rpm
open-vm-tools-12.3.5-150300.46.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4343
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes).
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past "commit" (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update "shortest_full" in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the "HWVers" register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
kernel-rt-5.14.21-150500.13.24.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.24.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4759
Recommended update for open-iscsi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-iscsi fixes the following issue:
- Upgrade to upstream version 2.1.9 (bsc#1210514) with tag "2.1.9-suse"
(bsc#1210514)
* replacing open-iscsi-2.1.8-suse.tar.bz2 with open-iscsi-2.1.9-suse.tar.bz2
* several fixes to harden iscsiuio (v0.7.8.8), including:
- logging now uses syslog
- shutdown now waits for helper threads to complete
- netlink socket cleanup
* some minor bug fixes, some helping builds on musl
iscsiuio-0.7.8.8-150500.46.3.1.x86_64.rpm
libopeniscsiusr0-0.2.0-150500.46.3.1.x86_64.rpm
open-iscsi-2.1.9-150500.46.3.1.src.rpm
open-iscsi-2.1.9-150500.46.3.1.x86_64.rpm
iscsiuio-0.7.8.8-150500.46.3.1.s390x.rpm
libopeniscsiusr0-0.2.0-150500.46.3.1.s390x.rpm
open-iscsi-2.1.9-150500.46.3.1.s390x.rpm
iscsiuio-0.7.8.8-150500.46.3.1.aarch64.rpm
libopeniscsiusr0-0.2.0-150500.46.3.1.aarch64.rpm
open-iscsi-2.1.9-150500.46.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4478
Recommended update for grub2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix failure to identify recent ext4 filesystem (bsc#1216010)
- Fix reading files from btrfs with "implicit" holes
- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
- Fix detection of encrypted disk's uuid in powerpc (bsc#1216075)
grub2-2.06-150500.29.11.1.src.rpm
grub2-2.06-150500.29.11.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.11.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.11.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.11.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.11.1.noarch.rpm
grub2-2.06-150500.29.11.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.11.1.s390x.rpm
grub2-2.06-150500.29.11.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.11.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4427
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issue fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
- update firmware to version 535.113.01
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
- Add a devel package so other modules can be built against this
one. [jira#PED-4964]
- disabled build of nvidia-peermem module; it's no longer needed
and never worked anyway (it was only a stub) [bsc#1211892]
- preamble: added conflict to nvidia-gfxG05-kmp to prevent users
from accidently installing conflicting proprietary kernelspace
drivers from CUDA repository
- Update to version 535.113.01
- kmp-post.sh/kmp-postun.sh:
* add/remove nosimplefb=1 kernel option in order to fix Linux
console also on sle15-sp6/Leap 15.6 kernel, which will come
with simpledrm support
kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.x86_64.rpm
nvidia-open-driver-G06-signed-535.129.03-150500.3.13.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4456
Recommended update for selinux-policy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for selinux-policy fixes the following issues:
- Update to version 20230511+git9.1b35a6ab
- Allow keepalived to manage its tmp files (bsc#1216060)
selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm
selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.src.rpm
selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm
selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4457
Recommended update for nvme-cli
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nvme-cli fixes the following issues:
- Update to version 2.4+31.gf7ec09:
* NetApp udev rule updates (bsc#1215994)
* Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768)
nvme-cli-2.4+31.gf7ec09-150500.4.12.1.src.rpm
nvme-cli-2.4+31.gf7ec09-150500.4.12.1.x86_64.rpm
nvme-cli-2.4+31.gf7ec09-150500.4.12.1.s390x.rpm
nvme-cli-2.4+31.gf7ec09-150500.4.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4458
Security update for gcc13
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
gcc13-13.2.1+git7813-150000.1.6.1.src.rpm
libgcc_s1-13.2.1+git7813-150000.1.6.1.x86_64.rpm
libstdc++6-13.2.1+git7813-150000.1.6.1.x86_64.rpm
libgcc_s1-13.2.1+git7813-150000.1.6.1.s390x.rpm
libstdc++6-13.2.1+git7813-150000.1.6.1.s390x.rpm
libgcc_s1-13.2.1+git7813-150000.1.6.1.aarch64.rpm
libstdc++6-13.2.1+git7813-150000.1.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4475
Security update for xen
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
xen-4.17.2_08-150500.3.15.1.src.rpm
True
xen-libs-4.17.2_08-150500.3.15.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4703
Recommended update for dracut
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for dracut fixes the following issues:
- Update to version 055+suse.375.g1167ed75
- Fix network device naming in udev-rules (bsc#1192986)
dracut-055+suse.375.g1167ed75-150500.3.15.1.src.rpm
dracut-055+suse.375.g1167ed75-150500.3.15.1.x86_64.rpm
dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.x86_64.rpm
dracut-055+suse.375.g1167ed75-150500.3.15.1.s390x.rpm
dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.s390x.rpm
dracut-055+suse.375.g1167ed75-150500.3.15.1.aarch64.rpm
dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4504
Security update for libxml2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
libxml2-2-2.10.3-150500.5.11.1.x86_64.rpm
libxml2-2.10.3-150500.5.11.1.src.rpm
libxml2-python-2.10.3-150500.5.11.1.src.rpm
libxml2-tools-2.10.3-150500.5.11.1.x86_64.rpm
python3-libxml2-2.10.3-150500.5.11.1.x86_64.rpm
libxml2-2-2.10.3-150500.5.11.1.s390x.rpm
libxml2-tools-2.10.3-150500.5.11.1.s390x.rpm
python3-libxml2-2.10.3-150500.5.11.1.s390x.rpm
libxml2-2-2.10.3-150500.5.11.1.aarch64.rpm
libxml2-tools-2.10.3-150500.5.11.1.aarch64.rpm
python3-libxml2-2.10.3-150500.5.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4723
Recommended update for libtirpc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
libtirpc-1.3.4-150300.3.23.1.src.rpm
libtirpc-netconfig-1.3.4-150300.3.23.1.x86_64.rpm
libtirpc3-1.3.4-150300.3.23.1.x86_64.rpm
libtirpc-netconfig-1.3.4-150300.3.23.1.s390x.rpm
libtirpc3-1.3.4-150300.3.23.1.s390x.rpm
libtirpc-netconfig-1.3.4-150300.3.23.1.aarch64.rpm
libtirpc3-1.3.4-150300.3.23.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4620
Recommended update for libhugetlbfs
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libhugetlbfs fixes the following issue:
- Add patch for upstream issue (bsc#1216576, bsc#1213639)
libhugetlbfs-2.20-150000.3.8.1.src.rpm
libhugetlbfs-2.20-150000.3.8.1.x86_64.rpm
libhugetlbfs-2.20-150000.3.8.1.s390x.rpm
libhugetlbfs-2.20-150000.3.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4642
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 545.29.02
Changes in nvidia-open-driver-G06-signed:
- Update to 545.29.02
- added fbdev=1 option for nvidia-drm module, which gives us a proper
framebuffer console now ...
- nosimplefb kernel option no longer needed with usage of nvidia-drm's
fbdev=1 option
- nvidia's NVreg_OpenRmEnableUnsupportedGpus=1 option no longer
needed; GeForce and Workstation GPUs now officially supported
- support added for H100/H800 GPUs (Hopper)
- no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver
option setting; apparently it's ignored by the driver (boo#1215981,
comment#26)
- use different modprobe.d config file to resolve conflict with
older driver package (boo#1217370); overwrite
NVreg_OpenRMEnableSupporteGpus driver option setting (disable it),
since letting it enabled is supposed to break booting (boo#1215981,
comment#23)
kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.x86_64.rpm
nvidia-open-driver-G06-signed-545.29.02-150500.3.18.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4517
Security update for python3-setuptools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
python3-setuptools-44.1.1-150400.9.6.1.noarch.rpm
python3-setuptools-44.1.1-150400.9.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4518
Security update for openssl-1_1
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
libopenssl-1_1-devel-1.1.1l-150500.17.22.1.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.22.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.22.1.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.22.1.src.rpm
openssl-1_1-1.1.1l-150500.17.22.1.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.22.1.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.22.1.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.22.1.s390x.rpm
openssl-1_1-1.1.1l-150500.17.22.1.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.22.1.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.22.1.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.22.1.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.22.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4500
Security update for ucode-intel
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ucode-intel-20231114-150200.35.1.src.rpm
ucode-intel-20231114-150200.35.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4550
Security update for fdo-client
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.src.rpm
fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm
fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm
fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm
fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm
fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm
fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-363
Recommended update for s390-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for s390-tools fixes the following issues:
- Applied patch for (jsc#PED-6539, jsc#PED-6373)
- Updated read_values.c (bsc#1214466, bsc#1214534)
- Updated SUSE's tools and their corresponding man pages (bsc#1216257)
- Updated cputype script
- IBM s390-tools version 2.30 build errors and warnings (bsc#1217838)
- [Build 44.1] SCC registration failed: RuntimeError: ExecuteError (bsc#1217923)
- [SLEM][6.0][Build10.15][s390x] Many kernel errors and systemd-coredump in journal log (bsc#1219227)
- Impl: DASD autoquiesce support - s390-tools part (jsc#PED-4604)
- Impl: [Post GA] Provide s390-tools on x86_64 to enable Secure Execution in the Cloud (jsc#PED-578)
- Impl: Userspace Tool for IBK Request Generation and Insertion (s390-tools) (jsc#PED-5783)
- Impl: Support AP related data in SE Header (s390-tools) (jsc#PED-6649)
- Impl: Secure Execution - Secure guest tool to bind and associate APQNs (s390-tools) (jsc#PED-6785)
- Impl: Provide s390-tools on x86_64 to enable Secure Execution in the Cloud (jsc#PED-7136)
- Impl: Provide s390-tools on x86_64 to enable Secure Execution in the Cloud (jsc#PED-7138)
s390-tools-2.30.0-150500.9.10.1.src.rpm
s390-tools-2.30.0-150500.9.10.1.x86_64.rpm
libekmfweb1-2.30.0-150500.9.10.1.s390x.rpm
libkmipclient1-2.30.0-150500.9.10.1.s390x.rpm
s390-tools-2.30.0-150500.9.10.1.s390x.rpm
openSUSE-Leap-Micro-5.5-2023-4672
Security update for suse-build-key
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
suse-build-key-12.0-150000.8.37.1.noarch.rpm
suse-build-key-12.0-150000.8.37.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4619
Security update for sqlite3
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
libsqlite3-0-3.44.0-150000.3.23.1.x86_64.rpm
sqlite3-3.44.0-150000.3.23.1.src.rpm
sqlite3-tcl-3.44.0-150000.3.23.1.x86_64.rpm
libsqlite3-0-3.44.0-150000.3.23.1.s390x.rpm
sqlite3-tcl-3.44.0-150000.3.23.1.s390x.rpm
libsqlite3-0-3.44.0-150000.3.23.1.aarch64.rpm
sqlite3-tcl-3.44.0-150000.3.23.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4557
Security update for vim
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 2103, fixes the following security problems
* CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
* CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001)
* CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167)
* CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696)
* CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922)
* CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924)
* CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925)
* CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004)
* CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006)
* CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033)
vim-9.0.2103-150500.20.6.1.src.rpm
vim-data-common-9.0.2103-150500.20.6.1.noarch.rpm
vim-small-9.0.2103-150500.20.6.1.x86_64.rpm
vim-small-9.0.2103-150500.20.6.1.s390x.rpm
vim-small-9.0.2103-150500.20.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4699
Recommended update for gpg2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gpg2 fixes the following issues:
- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)
gpg2-2.2.27-150300.3.8.1.src.rpm
gpg2-2.2.27-150300.3.8.1.x86_64.rpm
gpg2-2.2.27-150300.3.8.1.s390x.rpm
gpg2-2.2.27-150300.3.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4628
Recommended update for podman
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for podman fixes the following issues:
This update ships podman version 4.7.2:
* WSL: Fixed podman compose command.
* Fixed a bug in podman compose to try all configured providers before throwing an error (#20502).
* Mask /sys/devices/virtual/powercap ( GHSA-jq35-85cj-fj4p)
- podman-docker: Provides docker to avoid conflicts
when using podman with docker-compose (bsc#1215926)
- Update to version 4.7.1:
* Bugfixes
* Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209).
* Fixed a regression in --env-file handling (#19565).
* Fixed a bug where podman inspect would fail when stat'ing a device failed.
* API
* The network list compat API endpoint is now much faster (#20035).
- Build against latest stable Go version (bsc#1215807)
- Update to version 4.7.0:
* Security
* Now the io.containers.capabilities LABEL in an image can be an empty string.
* Features
* New command set: podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures.
* New command: podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose.
* FreeBSD: podman run --device is now supported.
* Linux: Add a new --module flag for Podman.
* Podmansh: Timeout is now configurable using the podmansh_timeout option in containers.conf.
* SELinux: Add support for confined users to create containers but restrict them from creating privileged containers.
* WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#15190).
* WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance.
* The podman build command now supports two new options: --layer-label and --cw.
* The podman kube generate command now supports generation of k8s DaemonSet kind (#18899).
* The podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061).
* The podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#19881).
* The podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes.
* The podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible.
* An infra name annotation io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#18312).
* The syntax of --uidmap and --gidmap has been extended to lookup the parent user namespace and to extend default mappings (#18333).
* The podman kube commands now support the List kind (#19052).
* The podman kube play command now supports environment variables in kube.yaml (#15983).
* The podman push and podman manifest push commands now support the --force-compression optionto prevent reusing other blobs (#18860).
* The podman manifest push command now supports --add-compression to push with compressed variants.
* The podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set.
* The podman run and podman create --mount commands now support the ramfs type (#19659).
* When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image.
* The --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address.
* The podman generate systemd command is deprecated. Use Quadlet for running containers and pods under systemd.
* The podman secret rm command now supports an --ignore option.
* The --env-file option now supports multiline variables (#18724).
* The --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937).
* The Podman --mount option now supports bind mounts passed as globs.
* The --mount option can now be specified in containers.conf using the mounts field.
* The podman stats now has an --all option to get all containers stats (#19252).
* There is now a new --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#6160).
* Temporary files created when dealing with images in /var/tmp will automatically be cleaned up on reboot.
* There is now a new filter option since for podman volume ls and podman volume prune (#19228).
* The podman inspect command now has tab-completion support (#18672).
* The podman kube play command now has support for the use of reserved annotations in the generated YAML.
* The progress bar is now displayed when decompressing a Podman machine image (#19240).
* The podman secret inspect command supports a new option --showsecret which will output the actual secret.
* The podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers.
* The podman login command can now read the secret for a registry from its secret database created with podman secret create (#18667).
* The remote Podman client’s podman play kube command now works with the --userns option (#17392).
* Changes
* The /tmp and /var/tmp inside of a podman kube play will no longer be noexec.
* The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#19848).
* The podman kube play has been improved to only pull a newer image for the "latest" tag (#19801).
* Pulling from an oci transport will use the optional name for naming the image.
* The podman info command will always display the existence of the Podman socket.
* The echo server example in socket_activation.md has been rewritten to use quadlet instead of podman generate systemd.
* Kubernetes support table documentation correctly show volumes support.
* The podman auto-update manpage and documentation has been updated and now includes references to Quadlet.
* Quadlet
* Quadlet now supports setting Ulimit values.
* Quadlet now supports setting the PidsLimit option in a container.
* Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#19884).
* Quadlet now supports ShmSize option in unit files.
* Quadlet now recursively calls in user directories for unit files.
* Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177).
* Quadlet now allows setting user-defined names for Volume and Network units via the VolumeName and NetworkName directives, respectively.
* Kube quadlets can now support autoupdate.
* Bugfixes
* Fixed an issue where containers were being restarted after a podman kill.
* Fixed a bug where events could report incorrect healthcheck results (#19237).
* Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file.
* Fixed a bug where pod cgroup limits were not being honored after a reboot (#19175).
* Fixed a bug where podman rm -af could fail to remove containers under some circumstances (#18874).
* Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#19829).
* Fixed a bug where --hostuser was being parsed in base 8 instead of base 10 (#19800).
* Fixed a bug where kube down would error when an object did not exist (#19711).
* Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#19139).
* Fixed a bug in podman exec to set umask to match the container it's execing into (#19713).
* Fixed a bug where podman kube play failed to set a container's Umask to the default 0022.
* Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#19554).
* Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#272).
* Fixed a bug where podman top would sometimes not print the full output (#19504).
* Fixed a bug were podman logs --tail could return incorrect lines when the k8s-file logger is used (#19545).
* Fixed a bug where podman stop did not ignore cidfile not existing when user specified --ignore flag (#19546).
* Fixed a bug where a container with an image volume and an inheri...
- Update to version 4.6.2:
* Changes
* Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement (#19467).
* Bugfixes
* Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#19671).
* API
* Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#17778).
* Misc
* Updated the containers/storage library to v1.48.1
- Update to version 4.6.1:
* Quadlet
* Quadlet now selects the first Quadlet file found when multiple Quadlets exist with the same name.
* API
* Fixed a bug in the container kill endpoint to correctly return 409 when a container is not running (#19368).
* Misc
* Updated Buildah to v1.31.2
* Updated the containers/common library to v0.55.3
- Recommend gvisor-tap-vsock, required for `podmand machine`
- Update to version 4.6.0:
* Features
* The podman manifest inspect command now supports the --authfile option, for authentication purposes.
* The podman wait command now supports --condition={healthy,unhealthy}, allowing waits on successful health checks.
* The podman push command now supports a new option, --compression-level, which specifies the compression level to use (#18939).
* The podman machine start command, when run with --log-level=debug, now creates a console window to display the virtual machine while booting.
* Podman now supports a new option, --imagestore, which allows images to be stored in a different directory than the graphroot.
* The --ip-range option to the podman network create command now accepts a new syntax, <startIP>-<endIP>, which allows more flexibility when limiting the ip range that Podman assigns.
* [Tech Preview] A new command, podmansh, has been added, which executes a user shell within a container when the user logs into the system. The container that the users get added to can be defined via a Podman Quadlet file. This feature is currently a Tech Preview which means it's ready for users to try out but changes can be expected in upcoming versions.
* The podman network create command supports a new --option, bclim, for the macvlan driver.
* The podman network create command now supports adding static routes using the --route option.
* The podman network create command supports a new --option, no_default_route for all drivers.
* The podman info command now prints network information about the binary path, package version, program version and DNS information (#18443).
* The podman info command now displays the number of free locks available, helping to debug lock exhaustion scenarios.
* The podman info command now outputs information about pasta, if it exists in helper_binaries_dir or $PATH.
* The remote Podman client’s podman build command now accepts Containerfiles that are not in the context directory (#18239).
* The remote Podman client’s podman play kube command now supports the --configmap option (#17513).
* The podman kube play command now supports multi-doc YAML files for configmap arguments. (#18537).
* The podman pod create command now supports a new flag, --restart, which sets the restart policy for all the containers in a pod.
* The --format={{.Restarts}} option to the podman ps command now shows the number of times a container has been restarted based on its restart policy.
* The --format={{.Restarts}} option to the podman pod ps command now shows the total number of container restarts in a pod.
* The podman machine provider can now be specified via the CONTAINERS_MACHINE_PROVIDER environment variable, as well as via the provider field in containers.conf (#17116).
* A default list of pasta arguments can now be set in containers.conf via pasta_options.
* The podman machine init and podman machine set commands now support a new option, --user-mode-networking, which improves interops with VPN configs that drop traffic from WSL networking, on Windows.
* The remote Podman client’s podman push command now supports the --digestfile option (#18216).
* Podman now supports a new option, --out, that allows redirection or suppression of STDOUT (#18120).
* Changes
* When looking up an image by digest, the entire repository of the specified value is now considered. This aligns with Docker's behavior since v20.10.20. Previously, both the repository and the tag was ignored and Podman looked for an image with only a matching digest. Ignoring the name, repository, and tag of the specified value can lead to security issues and is considered harmful.
* The podman system service command now emits a warning when binding to a TCP socket. This is not a secure configuration and the Podman team recommends against using it.
* The podman top command no longer depends on ps(1) being present in the container image and now uses the one from the host (#19001).
* The --filter id=xxx option will now treat xxx as a CID prefix, and not as a regular expression (#18471).
* The --filter option now requires multiple --filter flags to specify multiple filters. It will no longer support the comma syntax (--filter label=a,label=b).
* The slirp4netns binary for will now be searched for in paths specified by the helper_binaries_dir option in containers.conf (#18239).
* Podman machine now updates /run/docker.sock within the guest to be consistent with its rootless/rootful setting (#18480).
* The podman system df command now counts files which podman generates for use with specific containers as part of the disk space used by those containers, and which can be reclaimed by removing those containers. It also counts space used by files it associates with specific images and volumes as being used by those images and volumes.
* The podman build command now returns a clearer error message when the Containerfile cannot be found. (#16354).
* Containers created with --pid=host will no longer print errors on podman stop (#18460).
* The podman manifest push command no longer requires a destination to be specified. If a destination is not provided, the source is used as the destination (#18360).
* The podman system reset command now warns the user that the graphroot and runroot directories will be deleted (#18349), (#18295).
* The package and package-install targets in Makefile have now been fixed and also renamed to rpm and rpm-install respectively for clarity (#18817).
* Quadlet
* Quadlet now exits with a non-zero exit code when errors are found (#18778).
* Rootless podman quadlet files can now be installed in /etc/containers/systemd/users directory.
* Quadlet now supports the AutoUpdate option.
* Quadlet now supports the Mask and Unmask options.
* Quadlet now supports the WorkingDir option, which specifies the default working dir in a container.
* Quadlet now supports the Sysctl option, which sets namespaced kernel parameters for containers (#18727).
* Quadlet now supports the SecurityLabelNetsted=true option, which allows nested SELinux containers.
* Quadlet now supports the Pull option in .container files (#18779).
* Quadlet now supports the ExitCode field in .kube files, which reflects the exit codes of failed containers.
* Quadlet now supports PodmanArgs field.
* Quadlet now supports the HostName field, which sets the container's host name, in .container files (#18486).
* Bugfixes
* Fixed a bug where the podman machine start command would fail with a 255 exit code. It now waits for systemd-user sessions to be up, and for SSH to be ready, addressing the flaky machine starts (#17403).
* Fixed a bug where the podman auto update command did not correctly use authentication files when contacting container registries.
* Fixed a bug where --label option to the podman volume ls command would return volumes that matched any of the filters, not all of them (#19219).
* Fixed a bug where the podman kube play command did not recognize containerPort names inside Kubernetes liveness probes. Now, liveness probes support both containerPort names as well as port numbers (#18645).
* Fixed a bug where the --dns option to the podman run command was ignored for macvlan networks (#19169).
* Fixed a bug in the podman system service command where setting LISTEN_FDS when listening on TCP would misbehave.
* Fixed a bug where hostnames were not recognized as a network alias. Containers can now resolve other hostnames, in addition to their names (#17370).
* Fixed a bug where the podman pod run command would error after a reboot on a non-systemd system (#19175).
* Fixed a bug where the --syslog option returned a fatal error when no syslog server was found (#19075).
* Fixed a bug where the --mount option would parse the readonly option incorrectly (#18995).
* Fixed a bug where hook executables invoked by the podman run command set an incorrect working directory. It now sets the correct working directory pointing to the container bundle directory (#18907).
* Fixed a bug where the -device-cgroup-rule option was silently ignored in rootless mode ([#18698](https://github.com/containers/podman/issu...
- Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path.
- Prefer Podman's new network stack (netavark) exclusively on ALP
- Remove unused podman-cni-config subpackage, add systemd
- Update to version 4.5.1:
* Security
* Do not include image annotations when building spec. These annotations can have security implications - crun, for example, allows rootless containers to preserve the user's groups through an annotation.
* Quadlet
* Fixed a bug in quadlet to recognize the systemd optional prefix '-'.
* Bugfixes
* Fixed a bug where fully resolving symlink paths included the version number, breaking the path to homebrew-installed qemu files (#18111).
* Fixed a bug where Podman was splitting the filter map slightly differently compared to Docker (#18092).
* Fixed a bug where running make package did not work on RHEL 8 environments (#18421).
* Fixed a bug to allow comma separated dns server IP addresses in podman network create --dns and podman network update --dns-add/--dns-drop (#18663).
* Fixed a bug to correctly stop containers created with --restart=always in all cases (#18259).
* Fixed a bug in podman-remote logs to correctly display errors reported by the server.
* Fixed a bug to correctly tear down the network stack again when an error happened during the setup.
* Fixed a bug in the remote API exec inspect call to correctly display updated information, e.g. when the exec process died (#18424).
* Fixed a bug so that podman save on windows can now write to stdout by default (#18147).
* Fixed a bug where podman machine rm with the qemu backend now correctly removes the machine connection after the confirmation message not before (#18330).
* Fixed a problem where podman machine connections would try to connect to the ipv6 localhost ipv6 (::1) (#16470).
* API
* Fixed a bug in the compat container create endpoint which could result in a "duplicate mount destination" error when the volume path was not "clean", e.g. included a final slash at the end. (#18454).
* The compat API now correctly accepts a tag in the images/create?fromSrc endpoint (#18597).
- Update to version 4.5.0:
* Features
* The podman kube play command now supports the hostIPC field (#17157).
* The podman kube play command now supports a new flag, --wait, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#14522).
* The podman kube generate and podman kube play commands now support SELinux filetype labels.
* The podman kube play command now supports sysctl options (#16711).
* The podman kube generate command now supports generating the Deployments (#17712).
* The podman machine inspect command now shows information about named pipe addresses on Windows (#16860).
* The --userns=keep-id option for podman create, run, and kube play now works for root containers by copying the current mapping into a new user namespace (#17337).
* A new command has been added, podman secret exists, to verify if a secret with the given name exists.
* The podman kube generate and podman kube play commands now support ulimit annotations (#16404).
* The podman create, run, pod create, and pod clone commands now support a new option, --shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#17037).
* The podman create and run commands now support a new option, --group-entry which customizes the entry that is written to the /etc/group file within the container when the --user option is used (#14965).
* The podman create and podman run commands now support a new option, --security-opt label=nested, which allows SELinux labeling within a confined container.
* A new command, podman machine os apply has been added, which applies OS changes to a Podman machine, from an OCI image.
* The podman search command now supports two new options: --cert-dir and --creds.
* Defaults for the --cgroup-config option for podman create and podman run can now be set in containers.conf.
* Podman now supports auto updates for containers running inside a pod (#17181).
* Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the database_backend field in containers.conf.
* Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers. podman network create -d <plugin> can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6.
* DHCP with macvlan and the netavark backend is now supported.
* Changes
* Remote builds using the podman build command no longer allows .containerignore or .dockerignore files to be symlinks outside the build context.
* The podman system reset command now clears build caches.
* The podman play kube command now adds ctrName as an alias to the pod network (#16544).
* The podman kube generate command no longer adds hostPort to the pod spec when generating service kinds.
* Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#17727).
* The SYS_CHROOT capability has been re-added to the default set of capabilities.
* Listing large quantities of images with the podman images command has seen a significant performance improvement (#17828).
* Quadlet
* Quadlet now supports the Rootfs= option, allowing containers to be based on rootfs in addition to image.
* Quadlet now supports the Secret key in the Container group.
* Quadlet now supports the Logdriver key in .container and .kube units.
* Quadlet now supports the Mount key in .container files (#17632).
* Quadlet now supports specifying static IPv4 and IPv6 addresses in .container files via the IP= and IP6= options.
* Quadlet now supports health check configuration in .container files.
* Quadlet now supports relative paths in the Volume key in .container files (#17418).
* Quadlet now supports setting the UID and GID options for --userns=keep-id (#17908).
* Quadlet now supports adding tmpfs filesystems through the Tmpfs key in .container files (#17907).
* Quadlet now supports the UserNS option in .container files, which will replace the existing RemapGid, RemapUid, RemapUidSize and RemapUsers options in a future release (#17984).
* Quadlet now includes a --version option.
* Quadlet now forbids specifying SELinux label types, including disabling selinux separation.
* Quadlet now does not set log-driver by default.
* Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#17906).
* Bugfixes
* Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#17341).
* Fixed a bug in the podman image scp command to correctly use identity settings.
* Fixed a bug in the remote Podman client's podman build command where building from stdin would fail. podman --remote build -f - now works correctly (#17495).
* Fixed a bug in the podman volume prune command where exclusive (!=) filters would fail (#17051).
* Fixed a bug in the --volume option in the podman create, run, pod create, and pod clone commands where specifying relative mappings or idmapped mounts would fail (#17517).
* Fixed a bug in the podman kube play command where a secret would be created, but nothing would be printed on the terminal (#17071).
* Fixed a bug in the podman kube down command where secrets were not removed.
* Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems.
* Fixed a bug where the podman inspect command did not properly list the network configuration of containers created with --net=none or --net=host (#17385).
* Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels.
* Fixed a bug where the podman checkpoint restore command could panic.
* Fixed a bug in the podman events command where events could be returned more than once after a log file rotation (#17665).
* Fixed a bug where errors from systemd when restarting units during a podman auto-update command were not reported.
* Fixed a bug where containers created with the --health-on-failure=restart option were not restarting when the health state turned unhealthy (#17777).
* Fixed a bug where containers using the slirp4netns network mode with the cidr option and a custom user namespace did not set proper DNS IPs in resolv.conf.
* Fixed a bug where the podman auto-update command could fail to restart systemd units (#17607).
* Fixed a bug where the podman play kube command did not properly handle secret.items in volumes (#17829).
* Fixed a bug where the podman generate kube command could generate pods with invalid names and hostnames (#18054).
* Fixed a bug where names of limits (such as RLIMIT_NOFILE) passed to the --ulimit option to podman create and podman run were case-sensitive (#18077).
* Fixed a possible corruption issue with the configuration state of podman machine during system failures on Mac, Linux, and Windows.
* API
* The Compat Stats endpoint for Containers now returns the Id key as lowercase id to match Docker (#17869).
* Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#17524).
* Misc
* The podman version command no longer joins the rootless user namespace (#17657).
* The podman-events --stream option is no longer hidden and is now documented.
* Updated Buildah to v1.30.0
* Updated the containers/storage library to v1.46.1
* Updated the containers/image library to v5.25.0
* Updated the containers/common library to v0.52.0
- Don't build against EoL go versions, fixes bsc#1210299
podman-4.7.2-150500.3.3.1.src.rpm
podman-4.7.2-150500.3.3.1.x86_64.rpm
podman-docker-4.7.2-150500.3.3.1.noarch.rpm
podman-remote-4.7.2-150500.3.3.1.x86_64.rpm
podmansh-4.7.2-150500.3.3.1.x86_64.rpm
podman-4.7.2-150500.3.3.1.s390x.rpm
podman-remote-4.7.2-150500.3.3.1.s390x.rpm
podmansh-4.7.2-150500.3.3.1.s390x.rpm
podman-4.7.2-150500.3.3.1.ppc64le.rpm
podman-remote-4.7.2-150500.3.3.1.ppc64le.rpm
podmansh-4.7.2-150500.3.3.1.ppc64le.rpm
podman-4.7.2-150500.3.3.1.aarch64.rpm
podman-remote-4.7.2-150500.3.3.1.aarch64.rpm
podmansh-4.7.2-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-88
Recommended update for libsolv, zypper, libzypp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libsolv, zypper, libzypp fixes the following issues:
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not prefering installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handing for package downgrades
- Fix complex dependencies with an "else" part sometimes leading to unsolved dependencies
libsolv-0.7.27-150400.3.11.2.src.rpm
True
libsolv-tools-0.7.27-150400.3.11.2.x86_64.rpm
True
libzypp-17.31.27-150400.3.49.1.src.rpm
True
libzypp-17.31.27-150400.3.49.1.x86_64.rpm
True
zypper-1.14.68-150400.3.40.2.src.rpm
True
zypper-1.14.68-150400.3.40.2.x86_64.rpm
True
zypper-needs-restarting-1.14.68-150400.3.40.2.noarch.rpm
True
libsolv-tools-0.7.27-150400.3.11.2.s390x.rpm
True
libzypp-17.31.27-150400.3.49.1.s390x.rpm
True
zypper-1.14.68-150400.3.40.2.s390x.rpm
True
libsolv-tools-0.7.27-150400.3.11.2.aarch64.rpm
True
libzypp-17.31.27-150400.3.49.1.aarch64.rpm
True
zypper-1.14.68-150400.3.40.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4603
Recommended update for selinux-policy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for selinux-policy fixes the following issues:
- Extend module list for targeted policy
* timedatex
* rrdcached
* stratisd
* ica (bsc#1215405)
* fedoratp
* stalld
* rhcd
* wireguard
selinux-policy-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm
selinux-policy-20230511+git9.1b35a6ab-150500.3.6.1.src.rpm
selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm
selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4623
Security update for traceroute
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
traceroute-2.0.21-150000.3.3.1.src.rpm
traceroute-2.0.21-150000.3.3.1.x86_64.rpm
traceroute-2.0.21-150000.3.3.1.s390x.rpm
traceroute-2.0.21-150000.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4760
Optional update for llvm15
low
SUSE Updates openSUSE-Leap-Micro 5.5
This optional update for llvm15 fixes the following issues:
- Add missing LLVM 15 binary packages to Package Hub 15 SP5 (bsc#1217091)
* clang15-devel
* clang15-doc
* libclang13
* llvm15
* llvm15-devel
* llvm15-doc
* llvm15-gold
* llvm15-opt-viewer
* llvm15-polly
* llvm15-polly-devel
* llvm15-vim-plugins
* libomp15-devel
* libLTO15
libLLVM15-15.0.7-150500.4.4.1.x86_64.rpm
llvm15-15.0.7-150500.4.4.1.src.rpm
libLLVM15-15.0.7-150500.4.4.1.s390x.rpm
libLLVM15-15.0.7-150500.4.4.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4973
Recommended update for duktape
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of duktape fixes the following issue:
- duktape-devel is shipped to Basesystem module (bsc#1216296).
duktape-2.6.0-150500.4.2.1.src.rpm
libduktape206-2.6.0-150500.4.2.1.x86_64.rpm
libduktape206-2.6.0-150500.4.2.1.s390x.rpm
libduktape206-2.6.0-150500.4.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4624
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.0
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0
Update to version 1.0.1
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1
kubevirt-1.1.0-150500.8.6.1.src.rpm
kubevirt-manifests-1.1.0-150500.8.6.1.x86_64.rpm
kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4652
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.58.0
- Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.0
containerized-data-importer-1.58.0-150500.6.6.1.src.rpm
containerized-data-importer-manifests-1.58.0-150500.6.6.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4678
Feature update for lvm2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for lvm2 fixes the following issues:
Updated lvm2 from LVM2.2.03.16 to LVM2.2.03.22 (jsc#PED-6753,jsc#PED-6754):
- Version 2.03.22:
* Fixed issues with LVM filters no longer working with SUSE Linux Enterprise 15 Service Pack 5 (bsc#1216938)
* Fixed pv_major/pv_minor report field types so they are integers, not strings.
* Added `lvmdevices --delnotfound` to delete entries for missing devices.
* Always use cachepool name for metadata backup LV for `lvconvert --repair`.
* Make metadata backup LVs read-only after pool's `lvconvert --repair`.
* Improve VDO and Thin support with lvmlockd.
* Handle `lvextend --usepolicies` for pools for all activation variants.
* Fixed memleak in vgchange autoactivation setup.
* Update py-compile building script.
* Support conversion from thick to fully provisioned thin LV.
* Cache/Thin-pool can use error and zero volumes for testing.
* Individual thin volume can be cached, but cannot take snapshot.
* Better internal support for handling error and zero target (for testing).
* Resize COW above trimmed maximal size is does not return error.
* Support parsing of vdo geometry format version 4.
* Added lvm.conf thin_restore and cache_restore settings.
* Handle multiple mounts while resizing volume with a FS.
* Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
* Enhance lvm_import_vdo and use snapshot when converting VDO volume.
* Fixed parsing of VDO metadata.
* Fixed failing `-S|--select` for non-reporting cmds if using LV info/status fields.
* Allow snapshots of raid+integrity LV.
* Fixed multisegment RAID1 allocator to prevent using single disk for more legs.
- Version 2.03.21:
* Fixed activation of vdo-pool for with 0 length headers (converted pools).
* Avoid printing internal init messages when creation integration devices.
* Allow (write)cache over raid+integrity LV.
- Version 2.03.20:
* Fixed segfault if using `-S|--select` with log/report_command_log=1 setting.
* Configure now fails when requested lvmlockd dependencies are missing.
* Added some configure Gentoo enhancements for static builds.
- Version 2.03.19:
* Configure supports `--with-systemd-run` executed from udev rules.
* Enhancement for build with MuslC systemd and non-bash system shells (dash).
* Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
* Ensure udev is processing origin LV before its thick snapshots LVs.
* Fixed and improve runtime memory size detection for VDO volumes.
- Version 2.03.18:
* Fixed issues reported by coverity scan.
* Fixed warning for thin pool overprovisioning on lvextend (2.03.17).
* Added support for writecache metadata_only and pause_writeback settings.
* Fixed missing error messages in lvmdbusd.
- Version 2.03.17:
* Added new options (`--fs, --fsmode`) for FS handling when resizing LVs.
* Fixed `lvremove -S|--select LV` to not also remove its historical LV right away.
* Fixed lv_active field type to binary so --select and --binary applies properly.
* Switch to use mallinfo2 and use it only with glibc.
* Error out in lvm shell if using a cmd argument not supported in the shell.
* Fixed lvm shell's lastlog command to report previous pre-command failures.
* Extend VDO and VDOPOOL without flushing and locking fs.
* Added `--valuesonly` option to lvmconfig to print only values without keys.
* Updates configure with recent autoconf tooling.
* Fixed `lvconvert --test --type vdo-pool` execution.
* Added json_std output format for more JSON standard compliant version of output.
* Fixed vdo_slab_size_mb value for converted VDO volume.
* Fixed many corner cases in device_id, including handling of S/N duplicates.
* Fixed various issues in lvmdbusd.
device-mapper-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm
libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm
libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm
liblvm2cmd2_03-2.03.22-150500.7.9.1.x86_64.rpm
lvm2-2.03.22-150500.7.9.1.src.rpm
lvm2-2.03.22-150500.7.9.1.x86_64.rpm
lvm2-device-mapper-2.03.22-150500.7.9.1.src.rpm
device-mapper-2.03.22_1.02.196-150500.7.9.1.s390x.rpm
libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.s390x.rpm
libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.s390x.rpm
liblvm2cmd2_03-2.03.22-150500.7.9.1.s390x.rpm
lvm2-2.03.22-150500.7.9.1.s390x.rpm
device-mapper-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm
libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm
libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm
liblvm2cmd2_03-2.03.22-150500.7.9.1.aarch64.rpm
lvm2-2.03.22-150500.7.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4843
Security update for python3-cryptography
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
python3-cryptography-3.3.2-150400.23.1.src.rpm
python3-cryptography-3.3.2-150400.23.1.x86_64.rpm
python3-cryptography-3.3.2-150400.23.1.s390x.rpm
python3-cryptography-3.3.2-150400.23.1.ppc64le.rpm
python3-cryptography-3.3.2-150400.23.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4659
Security update for curl
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
curl-8.0.1-150400.5.36.1.src.rpm
curl-8.0.1-150400.5.36.1.x86_64.rpm
libcurl4-8.0.1-150400.5.36.1.x86_64.rpm
curl-8.0.1-150400.5.36.1.s390x.rpm
libcurl4-8.0.1-150400.5.36.1.s390x.rpm
curl-8.0.1-150400.5.36.1.aarch64.rpm
libcurl4-8.0.1-150400.5.36.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4662
Security update for qemu
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for qemu fixes the following issues:
- CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609)
- CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925)
- CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850)
- [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)
- target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
- linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)
qemu-7.1.0-150500.49.9.2.src.rpm
qemu-7.1.0-150500.49.9.2.x86_64.rpm
qemu-accel-tcg-x86-7.1.0-150500.49.9.2.x86_64.rpm
qemu-audio-spice-7.1.0-150500.49.9.2.x86_64.rpm
qemu-block-curl-7.1.0-150500.49.9.2.x86_64.rpm
qemu-chardev-spice-7.1.0-150500.49.9.2.x86_64.rpm
qemu-guest-agent-7.1.0-150500.49.9.2.x86_64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.9.2.x86_64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.x86_64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.x86_64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.9.2.x86_64.rpm
qemu-ipxe-1.0.0+-150500.49.9.2.noarch.rpm
qemu-seabios-1.16.0_0_gd239552-150500.49.9.2.noarch.rpm
qemu-sgabios-8-150500.49.9.2.noarch.rpm
qemu-tools-7.1.0-150500.49.9.2.x86_64.rpm
qemu-ui-opengl-7.1.0-150500.49.9.2.x86_64.rpm
qemu-ui-spice-core-7.1.0-150500.49.9.2.x86_64.rpm
qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2.noarch.rpm
qemu-x86-7.1.0-150500.49.9.2.x86_64.rpm
qemu-7.1.0-150500.49.9.2.s390x.rpm
qemu-audio-spice-7.1.0-150500.49.9.2.s390x.rpm
qemu-block-curl-7.1.0-150500.49.9.2.s390x.rpm
qemu-chardev-spice-7.1.0-150500.49.9.2.s390x.rpm
qemu-guest-agent-7.1.0-150500.49.9.2.s390x.rpm
qemu-hw-display-qxl-7.1.0-150500.49.9.2.s390x.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.s390x.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.s390x.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.9.2.s390x.rpm
qemu-s390x-7.1.0-150500.49.9.2.s390x.rpm
qemu-tools-7.1.0-150500.49.9.2.s390x.rpm
qemu-ui-opengl-7.1.0-150500.49.9.2.s390x.rpm
qemu-ui-spice-core-7.1.0-150500.49.9.2.s390x.rpm
qemu-7.1.0-150500.49.9.2.aarch64.rpm
qemu-arm-7.1.0-150500.49.9.2.aarch64.rpm
qemu-audio-spice-7.1.0-150500.49.9.2.aarch64.rpm
qemu-block-curl-7.1.0-150500.49.9.2.aarch64.rpm
qemu-chardev-spice-7.1.0-150500.49.9.2.aarch64.rpm
qemu-guest-agent-7.1.0-150500.49.9.2.aarch64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.9.2.aarch64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.aarch64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.aarch64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.9.2.aarch64.rpm
qemu-tools-7.1.0-150500.49.9.2.aarch64.rpm
qemu-ui-opengl-7.1.0-150500.49.9.2.aarch64.rpm
qemu-ui-spice-core-7.1.0-150500.49.9.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4660
Security update for kernel-firmware
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
kernel-firmware-20230724-150500.3.9.1.src.rpm
True
kernel-firmware-all-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-amdgpu-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-ath10k-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-ath11k-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-atheros-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-bluetooth-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-bnx2-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-brcm-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-chelsio-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-dpaa2-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-i915-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-intel-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-iwlwifi-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-liquidio-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-marvell-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-media-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-mediatek-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-mellanox-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-mwifiex-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-network-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-nfp-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-nvidia-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-platform-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-prestera-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-qcom-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-qlogic-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-radeon-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-realtek-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-serial-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-sound-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-ti-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-ueagle-20230724-150500.3.9.1.noarch.rpm
True
kernel-firmware-usb-network-20230724-150500.3.9.1.noarch.rpm
True
ucode-amd-20230724-150500.3.9.1.noarch.rpm
True
openSUSE-Leap-Micro-5.5-2024-297
Recommended update for transactional-update
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for transactional-update fixes the following issue:
- Version 4.1.6
dracut-transactional-update-4.1.6-150500.3.3.1.noarch.rpm
libtukit4-4.1.6-150500.3.3.1.x86_64.rpm
transactional-update-4.1.6-150500.3.3.1.src.rpm
transactional-update-4.1.6-150500.3.3.1.x86_64.rpm
transactional-update-zypp-config-4.1.6-150500.3.3.1.noarch.rpm
tukit-4.1.6-150500.3.3.1.x86_64.rpm
tukitd-4.1.6-150500.3.3.1.x86_64.rpm
libtukit4-4.1.6-150500.3.3.1.s390x.rpm
transactional-update-4.1.6-150500.3.3.1.s390x.rpm
tukit-4.1.6-150500.3.3.1.s390x.rpm
tukitd-4.1.6-150500.3.3.1.s390x.rpm
libtukit4-4.1.6-150500.3.3.1.aarch64.rpm
transactional-update-4.1.6-150500.3.3.1.aarch64.rpm
tukit-4.1.6-150500.3.3.1.aarch64.rpm
tukitd-4.1.6-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4647
Security update for haproxy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.src.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.x86_64.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.s390x.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4983
Security update for gnutls
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
gnutls-3.7.3-150400.4.38.1.src.rpm
gnutls-3.7.3-150400.4.38.1.x86_64.rpm
libgnutls30-3.7.3-150400.4.38.1.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.38.1.x86_64.rpm
gnutls-3.7.3-150400.4.38.1.s390x.rpm
libgnutls30-3.7.3-150400.4.38.1.s390x.rpm
libgnutls30-hmac-3.7.3-150400.4.38.1.s390x.rpm
gnutls-3.7.3-150400.4.38.1.aarch64.rpm
libgnutls30-3.7.3-150400.4.38.1.aarch64.rpm
libgnutls30-hmac-3.7.3-150400.4.38.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4902
Security update for openssh
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
openssh-8.4p1-150300.3.27.1.src.rpm
openssh-8.4p1-150300.3.27.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.27.1.x86_64.rpm
openssh-common-8.4p1-150300.3.27.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.27.1.x86_64.rpm
openssh-server-8.4p1-150300.3.27.1.x86_64.rpm
openssh-8.4p1-150300.3.27.1.s390x.rpm
openssh-clients-8.4p1-150300.3.27.1.s390x.rpm
openssh-common-8.4p1-150300.3.27.1.s390x.rpm
openssh-fips-8.4p1-150300.3.27.1.s390x.rpm
openssh-server-8.4p1-150300.3.27.1.s390x.rpm
openssh-8.4p1-150300.3.27.1.aarch64.rpm
openssh-clients-8.4p1-150300.3.27.1.aarch64.rpm
openssh-common-8.4p1-150300.3.27.1.aarch64.rpm
openssh-fips-8.4p1-150300.3.27.1.aarch64.rpm
openssh-server-8.4p1-150300.3.27.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4670
Recommended update for regionServiceClientConfigGCE
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for regionServiceClientConfigGCE fixes the following issue:
- Update to version 4.0.1 (bsc#1217538)
regionServiceClientConfigGCE-4.0.1-150000.4.12.1.noarch.rpm
regionServiceClientConfigGCE-4.0.1-150000.4.12.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4669
Recommended update for regionServiceClientConfigAzure
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for regionServiceClientConfigAzure fixes the following issue:
- Update to version 2.0.1 (bsc#1217537)
regionServiceClientConfigAzure-2.0.1-150000.3.19.1.noarch.rpm
regionServiceClientConfigAzure-2.0.1-150000.3.19.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4668
Recommended update for regionServiceClientConfigEC2
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for regionServiceClientConfigEC2 fixes the following issue:
- Update to version 4.1.1 (bsc#1217536)
regionServiceClientConfigEC2-4.1.1-150000.3.27.1.noarch.rpm
regionServiceClientConfigEC2-4.1.1-150000.3.27.1.src.rpm
openSUSE-Leap-Micro-5.5-2023-4671
Recommended update for man
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of man fixes the following problem:
- The "man" commands is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
groff-1.22.4-150400.5.2.1.src.rpm
groff-1.22.4-150400.5.2.1.x86_64.rpm
system-group-hardware-20170617-150400.24.2.1.noarch.rpm
system-group-kvm-20170617-150400.24.2.1.noarch.rpm
system-group-libvirt-20170617-150400.24.2.1.noarch.rpm
system-group-wheel-20170617-150400.24.2.1.noarch.rpm
system-user-lp-20170617-150400.24.2.1.noarch.rpm
system-user-nobody-20170617-150400.24.2.1.noarch.rpm
system-user-qemu-20170617-150400.24.2.1.noarch.rpm
system-user-tftp-20170617-150400.24.2.1.noarch.rpm
system-user-tss-20170617-150400.24.2.1.noarch.rpm
system-users-20170617-150400.24.2.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-21
Recommended update for net-snmp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for net-snmp fixes the following issues:
Update to net-snmp-5.9.4 (bsc#1214364).
- libsnmp:
- Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
used in the Net-SNMP code base.
- DISPLAY-HINT fixes
- Miscellanious improvements to the transports
- Handle multiple oldEngineID configuration lines
- fixes for DNS names longer than 63 characters
- agent:
- Added a ignoremount configuration option for the HOST-MIB
- disallow SETs with a NULL varbind
- fix the --enable-minimalist build
- apps:
- snmpset: allow SET with NULL varbind for testing
- snmptrapd: improved MySQL logging code
- general:
- configure: Remove -Wno-deprecated as it is no longer needed
- miscellanious ther bug fixes, build fixes and cleanups
- Re-add support for hostname netgroups that was removed accidentally and
previously added with FATE#316305 (bsc#1207697).
'@hostgroup' can be specified for multiple hosts
- Hardening systemd services setting "ProtectHome=true" caused home directory
size and allocation to be listed incorrectly (bsc#1206044).
libsnmp40-5.9.4-150300.15.11.1.x86_64.rpm
net-snmp-5.9.4-150300.15.11.1.src.rpm
snmp-mibs-5.9.4-150300.15.11.1.x86_64.rpm
libsnmp40-5.9.4-150300.15.11.1.s390x.rpm
snmp-mibs-5.9.4-150300.15.11.1.s390x.rpm
libsnmp40-5.9.4-150300.15.11.1.aarch64.rpm
snmp-mibs-5.9.4-150300.15.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-53
Recommended update for python-kiwi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Add `partx` to module-setup of kiwi-lib (bsc#1216465)
- Change partprobe fallback to partx (bsc#1216465):
Informing the kernel about a new partition geometry can be done in a
busy state and is also effective for new devices and new mounts based
on the new geometry. busy state mounts of course will not see it until
swap of the busy state but a complete refuse of operation like it
happens with blockdev is imho not required. Just as partprobe, partx
is less restrictive on the busy state. That's why this commit changes
the partprobe fallback to use partx instead of blockdev
- Create live persistent storage without busy state (bsc#1216465):
With the former logic the live ISO was already mounted when an
eventual persistent storage partition was created. This leads
to an issue on re-reading the partition table, not for all but
several tools. This commit changes the order of tasks such that
the setup of the persistent write storage is performed prior
mounting the live ISO. In addition to this change an alternative
method using blockdev to re-read the partition was added in case
partprobe is not present. This also allows to get rid of the
parted dependency which provides partprobe
- Add alternative re-reading of the partition table (bsc#1216465):
dracut-kiwi-lib-9.24.43-150100.3.65.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.65.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.65.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.65.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4680
Recommended update for selinux-policy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for selinux-policy fixes the following issues:
- Trigger rebuild of the policy when pcre2 gets updated to avoid regex version mismatch errors (bsc#1216747)
selinux-policy-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm
selinux-policy-20230511+git9.1b35a6ab-150500.3.9.1.src.rpm
selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm
selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-50
Recommended update for python-instance-billing-flavor-check
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-instance-billing-flavor-check fixes the following issues:
- Run the command as sudo only (bsc#1217696, bsc#1217695)
- Handle exception for Python 3.4
python-cssselect-1.0.3-150000.3.5.1.src.rpm
python3-cssselect-1.0.3-150000.3.5.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4901
Security update for avahi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
avahi-0.8-150400.7.13.1.src.rpm
avahi-0.8-150400.7.13.1.x86_64.rpm
libavahi-client3-0.8-150400.7.13.1.x86_64.rpm
libavahi-common3-0.8-150400.7.13.1.x86_64.rpm
libavahi-core7-0.8-150400.7.13.1.x86_64.rpm
avahi-0.8-150400.7.13.1.s390x.rpm
libavahi-client3-0.8-150400.7.13.1.s390x.rpm
libavahi-common3-0.8-150400.7.13.1.s390x.rpm
libavahi-core7-0.8-150400.7.13.1.s390x.rpm
avahi-0.8-150400.7.13.1.aarch64.rpm
libavahi-client3-0.8-150400.7.13.1.aarch64.rpm
libavahi-common3-0.8-150400.7.13.1.aarch64.rpm
libavahi-core7-0.8-150400.7.13.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4727
Security update for catatonit, containerd, runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
containerd-1.7.8-150000.103.1.src.rpm
containerd-1.7.8-150000.103.1.x86_64.rpm
runc-1.1.10-150000.55.1.src.rpm
runc-1.1.10-150000.55.1.x86_64.rpm
containerd-1.7.8-150000.103.1.s390x.rpm
runc-1.1.10-150000.55.1.s390x.rpm
containerd-1.7.8-150000.103.1.aarch64.rpm
runc-1.1.10-150000.55.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4985
Recommended update for samba
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for samba fixes the following issues:
- Add "net offlinejoin composeodj" command (bsc#1214076)
samba-4.17.12+git.444.922f3bd625-150500.3.17.1.src.rpm
samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.x86_64.rpm
samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.s390x.rpm
samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-143
Recommended update for nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nvidia-open-driver-G06-signed fixes the following issues:
- Update to 545.29.06
- no longer try to overwrite NVreg_OpenRmEnableUnsupportedGpus driver
NVreg_OpenRmEnableUnsupportedGpus driver option setting (disable it),
kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.x86_64.rpm
nvidia-open-driver-G06-signed-545.29.06-150500.3.21.5.src.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4730
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Documentation: networking: correct possessive "its" (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- NFS: Fix access to page->mapping (bsc#1216788).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PCI: vmd: Correct PCI Header Type Register's multi-function check (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amd: Move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Reserve fences for VM update (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Clean up clock period code (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: Print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: Use struct videomode (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/i915: Flush WC GGTT only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/msm/dsi: free TX buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/ttm: Reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: Fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: Correct allocated size for contexts (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: Return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: Split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: Support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: Uncore frequency control via TPMI (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: Provide cluster level control (bsc#1217147).
- platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147).
- platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: Display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: Move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: Use sysfs API to create attributes (bsc#1217147).
- platform/x86/intel/vsec: Add TPMI ID (bsc#1217147).
- platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: Support private data (bsc#1217147).
- platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: Add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: Prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-frequency: Move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc/perf/hv-24x7: Update domain value check (bsc#1215931).
- powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
kernel-default-5.14.21-150500.55.39.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.39.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.src.rpm
True
kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.x86_64.rpm
True
kernel-default-5.14.21-150500.55.39.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.39.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-11
Recommended update for procps
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for procps fixes the following issues:
- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)
- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
(uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Update to procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations
* kill: Pass int to signalled process
* pgrep: Pass int to signalled process
* pgrep: Check sanity of SG_ARG_MAX
* pgrep: Add older than selection
* pidof: Quiet mode
* pidof: show worker threads
* ps.1: Mention stime alias
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option
* ps: A lot more sorting available
* pwait: New command waits for a process
* sysctl: Match systemd directory order
* sysctl: Document directory order
* top: ensure config file backward compatibility
* top: add command line 'e' for symmetry with 'E'
* top: add '4' toggle for two abreast cpu display
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch
* vmstat: Wide mode gives wider proc columns
* watch: Add environment variable for interval
* watch: Add no linewrap option
* watch: Support more colors
* free,uptime,slabtop: complain about extra ops
- Package translations in procps-lang.
- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.
- Enable pidof by default
- Update to procps-ng-3.3.16
* library: Increment to 8:2:0
No removals or functions
Internal changes only, so revision is incremented.
Previous version should have been 8:1:0 not 8:0:1
* docs: Use correct symbols for -h option in free.1
* docs: ps.1 now warns about command name length
* docs: install translated man pages
* pgrep: Match on runstate
* snice: Fix matching on pid
* top: can now exploit 256-color terminals
* top: preserves 'other filters' in configuration file
* top: can now collapse/expand forest view children
* top: parent %CPU time includes collapsed children
* top: improve xterm support for vim navigation keys
* top: avoid segmentation fault at program termination
* "ps -C" does not allow anymore an argument longer than 15 characters (bsc#1158830)
libprocps8-3.3.17-150000.7.37.1.x86_64.rpm
procps-3.3.17-150000.7.37.1.src.rpm
procps-3.3.17-150000.7.37.1.x86_64.rpm
libprocps8-3.3.17-150000.7.37.1.s390x.rpm
procps-3.3.17-150000.7.37.1.s390x.rpm
libprocps8-3.3.17-150000.7.37.1.ppc64le.rpm
libprocps8-3.3.17-150000.7.37.1.aarch64.rpm
procps-3.3.17-150000.7.37.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4732
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
- acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
- acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
- acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
- alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
- alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
- alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
- alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
- alsa: hda/realtek: add quirks for hp laptops (git-fixes).
- alsa: hda/realtek: add support dual speaker for dell (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
- alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-fixes).
- alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
- alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
- alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
- alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
- alsa: info: fix potential deadlock at disconnection (git-fixes).
- alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: add cortex-a520 cpu part definition (git-fixes)
- arm64: allow kprobes on el0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass esr_elx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out el1 ssbs emulation hook (git-fixes)
- arm64: report el1 undefs better (git-fixes)
- arm64: rework bti exception handling (git-fixes)
- arm64: rework el0 mrs emulation (git-fixes)
- arm64: rework fpac exception handling (git-fixes)
- arm64: split el0/el1 undef handlers (git-fixes)
- arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- asoc: ams-delta.c: use component after check (git-fixes).
- asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
- asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
- asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes).
- asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
- asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
- asoc: rt5650: fix the wrong result of key button (git-fixes).
- asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes).
- asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
- ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
- atl1c: work around the dma rx overflow issue (git-fixes).
- atm: iphase: do pci error checks on own line (git-fixes).
- blk-mq: do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: add device 0bda:887b to device tables (git-fixes).
- bluetooth: add device 13d3:3571 to device tables (git-fixes).
- bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
- bluetooth: btusb: add date->evt_skb is null check (git-fixes).
- bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes).
- bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
- can: isotp: set max pdu size to 64 kbyte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: fix comment (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
- clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
- clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
- clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
- clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes).
- clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
- clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes).
- clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
- crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
- disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures.
- dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use c syntax highlight in driver.rst (bsc#1215458).
- documentation: networking: correct possessive "its" (bsc#1215458).
- drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes).
- drm/amd/display: avoid null dereference of timing generator (git-fixes).
- drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes).
- drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
- drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
- drm/amd: move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use atrm for external devices (git-fixes).
- drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
- drm/amdgpu: remove unnecessary domain argument (git-fixes).
- drm/amdgpu: reserve fences for vm update (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes).
- drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: tc358768: clean up clock period code (git-fixes).
- drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: fix bit updates (git-fixes).
- drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: use struct videomode (git-fixes).
- drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
- drm/i915: fix potential spectre vulnerability (git-fixes).
- drm/i915: flush wc ggtt only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes).
- drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: create devm device attachment (git-fixes).
- drm/mipi-dsi: create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
- drm/msm/dsi: free tx buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
- drm/panel: st7703: pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes).
- drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
- drm/ttm: reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable]
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: omapfb: drop unused remove function (git-fixes).
- fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- fix termination state for idr_for_each_entry_ul() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: correct allocated size for contexts (git-fixes).
- hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
- hid: cp2112: fix duplicate workqueue initialization (git-fixes).
- hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
- hid: hyperv: remove unused struct synthhid_msg (git-fixes).
- hid: hyperv: replace one-element array with flexible-array member (git-fixes).
- hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes).
- hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
- hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
- hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes).
- hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
- hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
- i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
- i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
- i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes).
- i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and mac filter support (bsc#1215458).
- idpf: add rx splitq napi poll support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: add sriov support and other ndo_ops (bsc#1215458).
- idpf: add tx splitq napi poll support (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for rx queues (bsc#1215458).
- idpf: configure resources for tx queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes).
- iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes).
- input: xpad - add vid for turtle beach controllers (git-fixes).
- irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well.
- kernel-source: move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: do not disable the pwm when the led should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: do not use smbus calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: correctly initialise try compose rectangle (git-fixes).
- media: ccs: fix driver quirk struct documentation (git-fixes).
- media: cedrus: fix clock/reset sequence (git-fixes).
- media: cobalt: use field_get() to extract link width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes).
- mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: fix double put in dln2_probe (git-fixes).
- misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes).
- mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
- mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
- mmc: block: retry commands in cqe error recovery (git-fixes).
- mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
- mmc: cqhci: increase recovery halt timeout (git-fixes).
- mmc: cqhci: warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
- mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes).
- mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes).
- mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee module_device_table built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
- mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes).
- net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: avoid address overwrite in kernel_connect (bsc#1216861).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nfs: fix access to page->mapping (bsc#1216788).
- nvme: update firmware version after commit (bsc#1215292).
- pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
- pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
- pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
- pci: extract ats disabling to a helper function (bsc#1215458).
- pci: exynos: do not discard .remove() callback (git-fixes).
- pci: keystone: do not discard .probe() callback (git-fixes).
- pci: keystone: do not discard .remove() callback (git-fixes).
- pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
- pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes).
- pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
- pci: use field_get() to extract link width (git-fixes).
- pci: vmd: correct pci header type register's multi-function check (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147).
- platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147).
- platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
- platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147).
- platform/x86/intel/vsec: add tpmi id (bsc#1217147).
- platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: support private data (bsc#1217147).
- platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes).
- platform/x86: wmi: fix opening of char device (git-fixes).
- platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
- pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes).
- powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
- powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
- pwm: fix double shift bug (git-fixes).
- pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes).
- quota: fix slow quotaoff (bsc#1216621).
- r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
- r8152: release firmware if we have an error in probe (git-fixes).
- r8152: run the unload routine if we have errors during probe (git-fixes).
- regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
- regmap: ensure range selector registers are updated after cache sync (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- revert "i2c: pxa: move to generic gpio recovery" (git-fixes).
- revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes).
- revert "tracing: fix warning in trace_buffered_event_disable()" (bsc#1217036)
- revert amdgpu patches that caused a regression (bsc#1215802)
- rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead.
- rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler.
- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- run scripts/renamepatches for sle15-sp4
- s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086).
- s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598).
- s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731).
- scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
- scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124).
- scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
- scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: fix ksft print formats (git-fixes).
- selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes).
- selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes).
- serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
- tty: 8250: add support for additional brainboxes px cards (git-fixes).
- tty: 8250: add support for additional brainboxes uc cards (git-fixes).
- tty: 8250: add support for brainboxes up cards (git-fixes).
- tty: 8250: add support for intashield is-100 (git-fixes).
- tty: 8250: add support for intashield ix cards (git-fixes).
- tty: 8250: fix port count of px-257 (git-fixes).
- tty: 8250: fix up px-803/px-857 (git-fixes).
- tty: 8250: remove uc-257 and uc-431 (git-fixes).
- tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
- update ath11k hibernation fix patch set (bsc#1207948)
- update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown (bsc#1214976 git-fixes).
- usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
- usb: chipidea: fix dma overwrite for tegra (git-fixes).
- usb: chipidea: simplify tegra dma alignment code (git-fixes).
- usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc2: write hcint with intmask applied (bsc#1214286).
- usb: dwc3: fix default mode initialization (git-fixes).
- usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
- usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: serial: option: add fibocom l7xx modules (git-fixes).
- usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
- usb: serial: option: fix fm101r-gl defines (git-fixes).
- usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes).
- usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
- usb: usbip: fix stub_dev hub disconnect (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
- wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
- wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes).
- x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
- x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
- x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes).
- x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: make hv_get_nmi_reason public (git-fixes).
- x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes).
- x86/sev: fix calculation of end address based on number of pages (git-fixes).
- x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes).
- x86: move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert agf log flags to unsigned (git-fixes).
- xfs: convert agi log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "count" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "len" (git-fixes).
- xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize ag block number formatting in ftrace output (git-fixes).
- xfs: standardize ag number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
- xhci: enable rpm on controllers that support low-power states (git-fixes).
kernel-rt-5.14.21-150500.13.27.2.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.27.2.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4869
Security update for tiff
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
libtiff5-4.0.9-150000.45.35.1.x86_64.rpm
tiff-4.0.9-150000.45.35.1.src.rpm
libtiff5-4.0.9-150000.45.35.1.s390x.rpm
libtiff5-4.0.9-150000.45.35.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-16
Recommended update for biosdevname
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for biosdevname fixes the following issues:
Update to version 0.7.3.7.g495ab76 (bsc#1217455):
* Add SMBIOS 3.x support
* Read DMI entries from /sys/firmware/dmi/tables/DMI
* Add buffer read helper using read explicitly
* man: fix all_ethN indentation
* Netronome biosdevname support (#8)
* Prevent infinite recursion in dmidecode.c::smbios_setslot by (#7)
* Add support for ExaNIC network cards (#5)
biosdevname-0.7.3.7.g495ab76-150000.5.6.1.src.rpm
biosdevname-0.7.3.7.g495ab76-150000.5.6.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-73
Recommended update for sssd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sssd fixes the following issues:
- Only send cldap-ping to our local domain; (bsc#1217319); (gh#SSSD/sssd#5822)
- Do not write kdc info file for GC lookup; (bsc#1217319); (gh#SSSD/sssd#5956)
- sssd Unable to obtain cached rules filling up sssd_sudo.log
libsss_certmap0-2.5.2-150500.10.11.1.x86_64.rpm
libsss_idmap0-2.5.2-150500.10.11.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150500.10.11.1.x86_64.rpm
sssd-2.5.2-150500.10.11.1.src.rpm
sssd-2.5.2-150500.10.11.1.x86_64.rpm
sssd-common-2.5.2-150500.10.11.1.x86_64.rpm
sssd-krb5-common-2.5.2-150500.10.11.1.x86_64.rpm
sssd-ldap-2.5.2-150500.10.11.1.x86_64.rpm
libsss_certmap0-2.5.2-150500.10.11.1.s390x.rpm
libsss_idmap0-2.5.2-150500.10.11.1.s390x.rpm
libsss_nss_idmap0-2.5.2-150500.10.11.1.s390x.rpm
sssd-2.5.2-150500.10.11.1.s390x.rpm
sssd-common-2.5.2-150500.10.11.1.s390x.rpm
sssd-krb5-common-2.5.2-150500.10.11.1.s390x.rpm
sssd-ldap-2.5.2-150500.10.11.1.s390x.rpm
libsss_certmap0-2.5.2-150500.10.11.1.aarch64.rpm
libsss_idmap0-2.5.2-150500.10.11.1.aarch64.rpm
libsss_nss_idmap0-2.5.2-150500.10.11.1.aarch64.rpm
sssd-2.5.2-150500.10.11.1.aarch64.rpm
sssd-common-2.5.2-150500.10.11.1.aarch64.rpm
sssd-krb5-common-2.5.2-150500.10.11.1.aarch64.rpm
sssd-ldap-2.5.2-150500.10.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-62
Recommended update for libxcrypt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxcrypt fixes the following issues:
- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
libcrypt1-4.4.15-150300.4.7.1.x86_64.rpm
libxcrypt-4.4.15-150300.4.7.1.src.rpm
libxcrypt-devel-4.4.15-150300.4.7.1.x86_64.rpm
libcrypt1-4.4.15-150300.4.7.1.s390x.rpm
libxcrypt-devel-4.4.15-150300.4.7.1.s390x.rpm
libcrypt1-4.4.15-150300.4.7.1.aarch64.rpm
libxcrypt-devel-4.4.15-150300.4.7.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4962
Recommended update for curl
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for curl fixes the following issues:
- libssh: Implement SFTP packet size limit (bsc#1216987)
This update also ships curl to the INSTALLER channel.
curl-8.0.1-150400.5.41.1.src.rpm
True
curl-8.0.1-150400.5.41.1.x86_64.rpm
True
libcurl4-8.0.1-150400.5.41.1.x86_64.rpm
True
curl-8.0.1-150400.5.41.1.s390x.rpm
True
libcurl4-8.0.1-150400.5.41.1.s390x.rpm
True
curl-8.0.1-150400.5.41.1.aarch64.rpm
True
libcurl4-8.0.1-150400.5.41.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2023-4891
Security update for ncurses
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
libncurses6-6.1-150000.5.20.1.x86_64.rpm
ncurses-6.1-150000.5.20.1.src.rpm
ncurses-utils-6.1-150000.5.20.1.x86_64.rpm
terminfo-6.1-150000.5.20.1.x86_64.rpm
terminfo-base-6.1-150000.5.20.1.x86_64.rpm
libncurses6-6.1-150000.5.20.1.s390x.rpm
ncurses-utils-6.1-150000.5.20.1.s390x.rpm
terminfo-6.1-150000.5.20.1.s390x.rpm
terminfo-base-6.1-150000.5.20.1.s390x.rpm
libncurses6-6.1-150000.5.20.1.aarch64.rpm
ncurses-utils-6.1-150000.5.20.1.aarch64.rpm
terminfo-6.1-150000.5.20.1.aarch64.rpm
terminfo-base-6.1-150000.5.20.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-70
Security update for tar
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
tar-1.34-150000.3.34.1.src.rpm
tar-1.34-150000.3.34.1.x86_64.rpm
tar-1.34-150000.3.34.1.s390x.rpm
tar-1.34-150000.3.34.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-26
Recommended update for mozilla-nss
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for mozilla-nss fixes the following issues:
Mozilla NSS was updated to NSS 3.90.1
* regenerate NameConstraints test certificates.
* add OSXSAVE and XCR0 tests to AVX2 detection.
libfreebl3-3.90.1-150400.3.35.2.x86_64.rpm
libsoftokn3-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-3.90.1-150400.3.35.2.src.rpm
mozilla-nss-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-certs-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-tools-3.90.1-150400.3.35.2.x86_64.rpm
libfreebl3-3.90.1-150400.3.35.2.s390x.rpm
libsoftokn3-3.90.1-150400.3.35.2.s390x.rpm
mozilla-nss-3.90.1-150400.3.35.2.s390x.rpm
mozilla-nss-certs-3.90.1-150400.3.35.2.s390x.rpm
mozilla-nss-tools-3.90.1-150400.3.35.2.s390x.rpm
libfreebl3-3.90.1-150400.3.35.2.aarch64.rpm
libsoftokn3-3.90.1-150400.3.35.2.aarch64.rpm
mozilla-nss-3.90.1-150400.3.35.2.aarch64.rpm
mozilla-nss-certs-3.90.1-150400.3.35.2.aarch64.rpm
mozilla-nss-tools-3.90.1-150400.3.35.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4945
Security update for xen
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807).
- CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654).
Update to Xen 4.17.3 bug fix release (bsc#1027519).
xen-4.17.3_02-150500.3.18.1.src.rpm
xen-libs-4.17.3_02-150500.3.18.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2023-4968
Security update for jbigkit
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
jbigkit-2.1-150000.3.5.1.src.rpm
libjbig2-2.1-150000.3.5.1.x86_64.rpm
libjbig2-2.1-150000.3.5.1.s390x.rpm
libjbig2-2.1-150000.3.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-6
Security update for libssh2_org
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
libssh2-1-1.11.0-150000.4.22.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.22.1.src.rpm
libssh2-1-1.11.0-150000.4.22.1.s390x.rpm
libssh2-1-1.11.0-150000.4.22.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2023-4966
Recommended update for cloud-regionsrv-client
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client fixes the following issues:
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed over IPv4
+ Enable IMDS access over IPv6
- Update to version 10.1.4 (bsc#1217451)
+ Fetch cert for new update server during failover
cloud-regionsrv-client-10.1.5-150000.6.102.1.noarch.rpm
cloud-regionsrv-client-10.1.5-150000.6.102.1.src.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1.noarch.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1.noarch.rpm
cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1.noarch.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2023-4965
Security update for ppp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ppp-2.4.7-150000.5.13.1.src.rpm
ppp-2.4.7-150000.5.13.1.x86_64.rpm
ppp-2.4.7-150000.5.13.1.s390x.rpm
ppp-2.4.7-150000.5.13.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-214
Recommended update for systemd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd fixes the following issues:
- resolved: actually check authenticated flag of SOA transaction
- core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
- core: Add trace logging to mount_add_device_dependencies()
- core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
- core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
- core: wrap some long comment
- utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
- utmp-wtmp: Fix error in case isatty() fails
- homed: Handle EINTR gracefully when waiting for device node
- resolved: Handle EINTR returned from fd_wait_for_event() better
- sd-netlink: Handle EINTR from poll() gracefully, as success
- varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
- stdio-bridge: Don't be bothered with EINTR
- sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
- core: Replace slice dependencies as they get added (bsc#1214668)
libsystemd0-249.17-150400.8.40.1.x86_64.rpm
True
libudev1-249.17-150400.8.40.1.x86_64.rpm
True
systemd-249.17-150400.8.40.1.src.rpm
True
systemd-249.17-150400.8.40.1.x86_64.rpm
True
systemd-container-249.17-150400.8.40.1.x86_64.rpm
True
systemd-journal-remote-249.17-150400.8.40.1.x86_64.rpm
True
systemd-sysvinit-249.17-150400.8.40.1.x86_64.rpm
True
udev-249.17-150400.8.40.1.x86_64.rpm
True
libsystemd0-249.17-150400.8.40.1.s390x.rpm
True
libudev1-249.17-150400.8.40.1.s390x.rpm
True
systemd-249.17-150400.8.40.1.s390x.rpm
True
systemd-container-249.17-150400.8.40.1.s390x.rpm
True
systemd-journal-remote-249.17-150400.8.40.1.s390x.rpm
True
systemd-sysvinit-249.17-150400.8.40.1.s390x.rpm
True
udev-249.17-150400.8.40.1.s390x.rpm
True
libsystemd0-249.17-150400.8.40.1.aarch64.rpm
True
libudev1-249.17-150400.8.40.1.aarch64.rpm
True
systemd-249.17-150400.8.40.1.aarch64.rpm
True
systemd-container-249.17-150400.8.40.1.aarch64.rpm
True
systemd-journal-remote-249.17-150400.8.40.1.aarch64.rpm
True
systemd-sysvinit-249.17-150400.8.40.1.aarch64.rpm
True
udev-249.17-150400.8.40.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-147
Recommended update for ignition
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ignition fixes the following issues:
- Update to version 2.17.0:
- Updates from version 2.16.x [jsc#SMO-314] [bsc#1217533]:
- Fix segmentation fault if filesystem section of Ignition JSON doesn't contain path entry
- Increased required Go version
ignition-2.17.0-150500.3.3.1.src.rpm
ignition-2.17.0-150500.3.3.1.x86_64.rpm
ignition-dracut-grub2-2.17.0-150500.3.3.1.x86_64.rpm
ignition-2.17.0-150500.3.3.1.s390x.rpm
ignition-dracut-grub2-2.17.0-150500.3.3.1.s390x.rpm
ignition-2.17.0-150500.3.3.1.aarch64.rpm
ignition-dracut-grub2-2.17.0-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-39
Recommended update for samba
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for samba fixes the following issues:
- Add idmap_nss option 'use_upn' for NSS modules able to handle UPNs or DOMAIN/user name format (bsc#1215369)
- Avoid unnecessary locking in idmap parent setup (bsc#1215369)
samba-4.17.12+git.455.b299ac1e60-150500.3.20.1.src.rpm
samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.x86_64.rpm
samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.s390x.rpm
samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-54
Recommended update for NetworkManager
important
SUSE Updates openSUSE-Leap-Micro 5.5
This recommended update for NetworkManager fixes the following issues:
- No-change rebuild to include NetworkManager-wwan in the SLE-Module-Desktop-Applications_15-SP5 channels (bsc#1218248)
NetworkManager-1.38.6-150500.3.2.1.src.rpm
NetworkManager-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-bluetooth-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-cloud-setup-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-pppoe-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-tui-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-wwan-1.38.6-150500.3.2.1.x86_64.rpm
libnm0-1.38.6-150500.3.2.1.x86_64.rpm
typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.x86_64.rpm
NetworkManager-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-bluetooth-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-cloud-setup-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-pppoe-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-tui-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-wwan-1.38.6-150500.3.2.1.s390x.rpm
libnm0-1.38.6-150500.3.2.1.s390x.rpm
typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.s390x.rpm
NetworkManager-1.38.6-150500.3.2.1.aarch64.rpm
NetworkManager-bluetooth-1.38.6-150500.3.2.1.aarch64.rpm
NetworkManager-cloud-setup-1.38.6-150500.3.2.1.aarch64.rpm
NetworkManager-pppoe-1.38.6-150500.3.2.1.aarch64.rpm
NetworkManager-tui-1.38.6-150500.3.2.1.aarch64.rpm
NetworkManager-wwan-1.38.6-150500.3.2.1.aarch64.rpm
libnm0-1.38.6-150500.3.2.1.aarch64.rpm
typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-145
Recommended update for btrfsprogs
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for btrfsprogs fixes the following issue:
- btrfs-progs: fix defrag -c option parsing (bsc#1218029)
btrfsprogs-5.14-150500.10.3.1.src.rpm
btrfsprogs-5.14-150500.10.3.1.x86_64.rpm
btrfsprogs-udev-rules-5.14-150500.10.3.1.noarch.rpm
libbtrfs0-5.14-150500.10.3.1.x86_64.rpm
btrfsprogs-5.14-150500.10.3.1.s390x.rpm
libbtrfs0-5.14-150500.10.3.1.s390x.rpm
btrfsprogs-5.14-150500.10.3.1.aarch64.rpm
libbtrfs0-5.14-150500.10.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-124
Recommended update for suseconnect-ng
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issues:
- Update to version 1.5.0
- Configure docker credentials for registry authentication
- Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
- Add --json output option
suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.src.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.x86_64.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.s390x.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-136
Security update for pam
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
pam-1.3.0-150000.6.66.1.src.rpm
pam-1.3.0-150000.6.66.1.x86_64.rpm
pam-1.3.0-150000.6.66.1.s390x.rpm
pam-1.3.0-150000.6.66.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-255
Recommended update for multipath-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for multipath-tools fixes the following issues:
- Fixed ANA prioritizer enablement logic (bsc#1218326)
kpartx-0.9.4+77+suse.1f7a63b-150500.3.6.1.x86_64.rpm
libmpath0-0.9.4+77+suse.1f7a63b-150500.3.6.1.x86_64.rpm
multipath-tools-0.9.4+77+suse.1f7a63b-150500.3.6.1.src.rpm
multipath-tools-0.9.4+77+suse.1f7a63b-150500.3.6.1.x86_64.rpm
kpartx-0.9.4+77+suse.1f7a63b-150500.3.6.1.s390x.rpm
libmpath0-0.9.4+77+suse.1f7a63b-150500.3.6.1.s390x.rpm
multipath-tools-0.9.4+77+suse.1f7a63b-150500.3.6.1.s390x.rpm
kpartx-0.9.4+77+suse.1f7a63b-150500.3.6.1.aarch64.rpm
libmpath0-0.9.4+77+suse.1f7a63b-150500.3.6.1.aarch64.rpm
multipath-tools-0.9.4+77+suse.1f7a63b-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-105
Recommended update for grub2 and efibootmgr
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 and efibootmgr fixes the following issues:
grub2:
- Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr:
- Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr-17-150400.3.2.2.src.rpm
efibootmgr-17-150400.3.2.2.x86_64.rpm
efibootmgr-17-150400.3.2.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-254
Recommended update for containerd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for containerd fixes the following issues:
- Fix permissions of address file (bsc#1217952)
- Update to version 1.7.10
containerd-1.7.10-150000.106.1.src.rpm
containerd-1.7.10-150000.106.1.x86_64.rpm
containerd-1.7.10-150000.106.1.s390x.rpm
containerd-1.7.10-150000.106.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-160
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6606: Fixed an out-of-bounds read vulnerability in smbCalcSize in fs/smb/client/netmisc.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217947).
- CVE-2023-6610: Fixed an out-of-bounds read vulnerability in smb2_dump_detail in fs/smb/client/smb2ops.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217946).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in action_store" (git-fixes).
- Revert "swiotlb: panic if nslabs is too small" (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: PL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- usb: serial: option: add Quectel EG912Y module support (git-fixes).
- usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
kernel-default-5.14.21-150500.55.44.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.44.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.src.rpm
True
kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.x86_64.rpm
True
kernel-default-5.14.21-150500.55.44.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.44.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-234
Recommended update for sssd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sssd fixes the following issues:
- Update shadowLastChanged attribute during LDAP password change (bsc#1218537)
libsss_certmap0-2.5.2-150500.10.14.1.x86_64.rpm
libsss_idmap0-2.5.2-150500.10.14.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150500.10.14.1.x86_64.rpm
sssd-2.5.2-150500.10.14.1.src.rpm
sssd-2.5.2-150500.10.14.1.x86_64.rpm
sssd-common-2.5.2-150500.10.14.1.x86_64.rpm
sssd-krb5-common-2.5.2-150500.10.14.1.x86_64.rpm
sssd-ldap-2.5.2-150500.10.14.1.x86_64.rpm
libsss_certmap0-2.5.2-150500.10.14.1.s390x.rpm
libsss_idmap0-2.5.2-150500.10.14.1.s390x.rpm
libsss_nss_idmap0-2.5.2-150500.10.14.1.s390x.rpm
sssd-2.5.2-150500.10.14.1.s390x.rpm
sssd-common-2.5.2-150500.10.14.1.s390x.rpm
sssd-krb5-common-2.5.2-150500.10.14.1.s390x.rpm
sssd-ldap-2.5.2-150500.10.14.1.s390x.rpm
libsss_certmap0-2.5.2-150500.10.14.1.aarch64.rpm
libsss_idmap0-2.5.2-150500.10.14.1.aarch64.rpm
libsss_nss_idmap0-2.5.2-150500.10.14.1.aarch64.rpm
sssd-2.5.2-150500.10.14.1.aarch64.rpm
sssd-common-2.5.2-150500.10.14.1.aarch64.rpm
sssd-krb5-common-2.5.2-150500.10.14.1.aarch64.rpm
sssd-ldap-2.5.2-150500.10.14.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-140
Security update for libssh
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
libssh-0.9.8-150400.3.3.1.src.rpm
libssh-config-0.9.8-150400.3.3.1.x86_64.rpm
libssh4-0.9.8-150400.3.3.1.x86_64.rpm
libssh-config-0.9.8-150400.3.3.1.s390x.rpm
libssh4-0.9.8-150400.3.3.1.s390x.rpm
libssh-config-0.9.8-150400.3.3.1.aarch64.rpm
libssh4-0.9.8-150400.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-427
Recommended update for supportutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for supportutils fixes the following issues:
- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)
supportutils-3.1.28-150300.7.35.24.1.noarch.rpm
supportutils-3.1.28-150300.7.35.24.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-238
Security update for cpio
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
cpio-2.13-150400.3.3.1.src.rpm
cpio-2.13-150400.3.3.1.x86_64.rpm
cpio-2.13-150400.3.3.1.s390x.rpm
cpio-2.13-150400.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-231
Recommended update for suse-module-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.4
- Add symlink /boot/.vmlinuz.hmac (bsc#1217775)
suse-module-tools-15.5.4-150500.3.9.1.src.rpm
suse-module-tools-15.5.4-150500.3.9.1.x86_64.rpm
suse-module-tools-15.5.4-150500.3.9.1.s390x.rpm
suse-module-tools-15.5.4-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-615
Recommended update for netcfg
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for netcfg fixes the following issues:
- Add krb-prop entry (bsc#1211886)
netcfg-11.6-150000.3.6.1.noarch.rpm
netcfg-11.6-150000.3.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-115
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- KVM: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in action_store" (git-fixes).
- Revert "swiotlb: panic if nslabs is too small" (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git-fixes).
- USB: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- USB: serial: option: add Quectel EG912Y module support (git-fixes).
- USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: pL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kernel-source: Remove config-options.changes (jsc#PED-5021)
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
kernel-rt-5.14.21-150500.13.30.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.30.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-285
Recommended update for libxkbcommon
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxkbcommon fixes the following issues:
- enable 32bit libxkbregistry0 and libxkbregistry0-devel
for use by Wine. (bsc#1218639)
libxkbcommon-1.3.0-150400.3.5.1.src.rpm
libxkbcommon0-1.3.0-150400.3.5.1.x86_64.rpm
libxkbcommon0-1.3.0-150400.3.5.1.s390x.rpm
libxkbcommon0-1.3.0-150400.3.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-408
Recommended update for podman
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for podman fixes the following issues:
- Update to version 4.8.3:
* Update RELEASE_NOTES.md
* update module golang.org/x/crypto [security]
* Error on HyperV VM start when gvproxy has failed to start
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
- Update to version 4.8.2:
* Update RELEASE_NOTES.md
* Kube Play - set ReportWriter when building an image
* Fix user-mode net init flag on first time install
- Default to the new networking backend, netavark, on openSUSE (bsc#1217828)
- Update to version 4.8.1:
* Handle symlinks when checking DB vs runtime configs
* libpod: Detect whether we have a private UTS namespace on FreeBSD
* pkg/bindings: add new APIVersionError error type
* fix podman-remote exec regression with v4.8
* sqlite: fix issue in ValidateDBConfig()
* sqlite: fix missing Commit() in RemovePodContainers()
* sqlite: set busy timeout to 100s
* Fix locking error in WSL machine rm -f
* Gating test fixes
* If API calls for kube play --replace, then replace pod
* Fix wsl.conf generation when user-mode-networking is disabled
- Update to version 4.8.0:
* Bump to Buildah v1.33.2
* [CI:DOCS] Update release notes
* machine applehv: create better error on start failure
* Cirrus: Update operating branch
* rootless_tutorial: modernize
* Update to libhvee 0.5.0
* vmtypes names cannot be used as machine names
* Add support for --compat-auth-file in login/logout
* Update tests for a c/common error message change
* Update c/image and c/common to latest, c/buildah to main
* CI: test overlay and vfs
* [CI:DOCS] Add link to podman py docs
* Test fixes for debian
* pasta tests: remove some skips
* VM images: bump to 2023-11-16
* fix(deps): update module k8s.io/kubernetes to v1.28.4 [security]
* [CI:DOCS] Machine test timeout env var
* Quadlet - add support for UID and GID Mapping
* Quadlet - Allow using symlink on the base search paths
* [skip-ci] Update dessant/lock-threads action to v5
* Avoid empty SSH keys on applehv
* qemu,parseUSB: minor refactor
* fix(deps): update module github.com/gorilla/handlers to v1.5.2
* docs: fix relabeling command
* Pass secrets from the host down to internal podman containers
* (Temporary) Emergency CI fix: quay search is broken
* Update podman-stats.1.md.in
* [CI:BUILD] packit: handle builds for RC releases
* Quadlet test - add case for multi = sign in mount
* set RLIMIT_NOFILE soft limit to match the hard limit on mac
* rootless: use functionalities from c/storage
* CI: e2e: fix a smattering of test bugs that slipped in
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1
* vendor: update c/storage
* Improve the documentation of quadlet
* Fix socket mapping socket mapping nits
* fix(deps): update module golang.org/x/tools to v0.15.0
* fix(deps): update github.com/containers/libhvee digest to 9651e31
* [skip-ci] Update github/issue-labeler action to v3.3
* Document --userns=auto behaviour for rootless users
* machine: qemu: add usb host passthrough
* fix(deps): update module golang.org/x/net to v0.18.0
* fix(deps): update module github.com/onsi/gomega to v1.30.0
* Refactor Ignition configuration for virt providers
* [CI:BUILD] rpm: disable GOPROXY
* Automatic code cleanups [JetBrains]
* Refactor key machine objects
* systests: add [NNN] prefix in logs, NNN = filename
* systests: add a last-minute check for db backend
* applehv: allow virtiofs to mount to root
* Run codespell on podman
* update completion scripts for cobra v1.8.0
* Fix man page display of podman-kube-generate
* Try to fix the broken formatting of man podman-kube-apply(1).
* fix(deps): update module golang.org/x/text to v0.14.0
* docs: make CNI removal explicit
* fix(deps): update module github.com/gorilla/mux to v1.8.1
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* fix(deps): update module golang.org/x/sync to v0.5.0
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18
* Podman push --help should reveal default compression
* Update container-device-interface (CDI) to v0.6.2
* fix: adjust helper string in machine_common
* fix: adjust helper string in machine_common
* remote,test: remove .dockerignore which is a symlink
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* fix: adjust helper string in machine_common
* vendor: update github.com/coreos/go-systemd/v22 to latest main
* CI: default to sqlite
* vendor: update c/common
* check system connections before machine init
* Consume OCI images for machine image
* freebsd: drop dead code
* libpod: make removePodCgroup linux specific
* containers: drop special handling for ErrCgroupV1Rootless
* compose: fix compose provider debug message
* image: replace GetStoreImage with ResolveReference
* vendor: bump c/image to 373c52a9466f
* Refactor machine socket mapping
* AppleHV: Fix machine rm error message
* Add status messages to podman --remote commit
* End-of-Life policy for github issues
* fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10
* Support passing of Ulimits as -1 to mean max
* fix(deps): update github.com/docker/go-connections digest to 0b8c1f4
* fix(deps): update github.com/crc-org/vfkit digest to f3c783d
* Log gvproxy and server9 to file on log-level=debug
* Change to using gopsutil for cross-OS process ops
* Initial addition of 9p code to Podman
* libpod: fix /etc/hostname with --uts=host
* systests: stty test: retry once on flake
* systests: pasta: avoid hangs
* Fix secrets scanning GHA Workflow
* [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
* docs: clarify systemd cgroup mount
* podman build --remote URI Dockerfile shoud not be treated as file
* Small fixes for wacko CI environments
* Do not add powercap mask if no paths are masked
* compose: try all possible providers before throwing an error
* podman kube play --replace should force removal of pods and containers
* Sort kube options alphabetically
* container.conf: support attributed string slices
* CI: podman farm tests cleanup
* Mask /sys/devices/virtual/powercap
* Update module github.com/google/uuid to v1.4.0
* fix(deps): update module github.com/docker/docker to v24.0.7+incompatible
* fix(deps): update module go.etcd.io/bbolt to v1.3.8
* CI: systest: safer random_rfc1918_subnet
* CI: e2e: safer GetPort()
* Fix broken code block markup in Introduction.rst
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* chore: remove npipe const and use vmtype const for checking
* Update module github.com/onsi/gomega to v1.29.0
* CI: try to fix more networking flakes
* fix: check wsl npipe when executing podman compose
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* Quadlet - explicit support for read-only-tmpfs
* compat API: fix image-prune --all
* Makefile - allow more control over Ginkgo parameters
* Add e2e tests for farm build
* vendor c/{buildah,common}: appendable containers.conf strings, Part 1
* Add podman farm build command
* Add emulation package
* Use buildah default isolation when working with podman play kube
* docs(API): Fix compat network (dis-)connect
* test/e2e: do not import buildah
* pkg/specgen: remove config_unsupported.go
* pkg/parallel/ctr: add !remote tag
* pkg/domain/filters: add !remote tag
* pkg/ps: add !remote tag
* pkg/systemd/generate: add !remote tag
* libpod: add !remote tag
* pkg/autoupdate: add !remote tag
* vendor latest c/common
* libpod: remove build support non linux/freebsd
* Fix typo
* test/apiv2: adapt apiv2 test on cgroups v1 environment
* ginkgo setup: retry cache pulls
* Support size option when creating tmpfs volumes
* not mounted layers should be reported as info not error
* CI: stop using registry.k8s.io
* fix(deps): update module github.com/vbatts/git-validation to v1.2.1
* test fixes for c/common tag chnages
* vendor latest c/common
* hyperV: Update lastUp time
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* lint: disable testifylint
* lint: fix warnings found by perfsprint
* lint: fix warnings found by inamedparam
* lint: fix warnings found by protogetter
* libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon
* Use node hostname in kube play when hostNetwork=true
* cirrus setup: special-case perl unicode
* network: document ports and macvlan interaction
* quadlet: document cgroupv2 requirement
* [skip-ci] Update actions/checkout digest to b4ffde6
* Revert "Emergency workaround for CI breakage"
* remote: exec: do not leak session IDs on errors
* fix(deps): update github.com/containers/storage digest to 79aa304
* fix(deps): update module k8s.io/kubernetes to v1.28.3
* System tests: fix broken silence127
* Add TERM iff TERM not defined in container when podman exec -t
* Emergency workaround for CI breakage
* Kill gvproxy when machine rm -f
* Fix path for omvf vars on Darwin/arm64
* Allow systemd specifiers in User and Group Quadlet keys
* libpod: rename confusing import name
* use FindInitBinary() for init binary
* vendor latest c/common
* exec: do not leak session IDs on errors
* systests: cp test: lots of cleanup
* Define better error message for container name conflicts with external storage.
* Quadlet - support ImageName for .image files
* test/system: ignore 127 if it is the expected rc
* test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
* image history: fix walking layers
* fix(api): Ensure compatibality for network connect
* [CI:DOCS] Add cross-build target info.
* machine set: document --rootful better
* libpod: restart+userns cleanup netns correctly
* Minor log and doc fixes
* Quadlet man page - discuss volume removal explicitly
* Quadlet - add support for KubeDownForce
* System Test - Quadlet kube oneshot
* Fix output of podman --remote top
* buildah-bud: test relative TMPDIR
* Fix handling of --read-only-tmpfs flag
* Vendor common and buildah main
* remote,build: wire unsetlabels
* test: build with TMPDIR as relative
* docs: add unsetlabel
* vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
* fix: pull error response docker rest api compatibility
* Show client info even if remote connection fails
* fix(deps): update github.com/containers/libhvee digest to e51be96
* Run codespell
* SetLock for all virt providers
* Machine: Teardown on init failure
* healthcheck: make sure to always show health_status events
* Apply suggestions from code review
* [CI:DOCS]rtd: implement v2 build file
* Quadlet - support oneshot .kube files
* libpod: fix deadlock while parallel container create
* fix(deps): update module golang.org/x/net to v0.17.0
* api: add `compatMode` paramenter to libpod's pull endpoint
* api: break out compat image pull
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3
* use sqlite as default database
* vendor latest c/common
* fix(deps): update module github.com/nxadm/tail to v1.4.11
* Check for image with /libpod/containers/create
* container: always check if mountpoint is mounted
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0
* vendor: update c/storage
* api: drop debug statement
* Quadlet - add support for global arguments
* Add system test
* fix(deps): update module golang.org/x/tools to v0.14.0
* Don't ignore containerfiles outside of build context
* fix(deps): update github.com/containers/libhvee digest to fcf1cc2
* fix(deps): update module golang.org/x/term to v0.13.0
* Update module golang.org/x/sys to v0.13.0
* [CI:DOCS] Add updating version on podman.io to release process
* containers.conf: add `privileged` field to containers table
* Implement secrets/credential scanning
* Cirrus: Execute Windows podman-machine e2e tests
* vendor: bump c/storage
* Update module golang.org/x/sync to v0.4.0
* [CI:DOCS] update swagger version on docs.podman.io
* Create Qemu command wrapper
* Adjust to path name change for resolved unit
* Revert "Fix WSL systemd detection"
* [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
* [CI:DOCS] update kube play delete endpoint docs
* [CI:DOCS] Remove dead link from README
* test/system: --env-file test fixes
* Revert "feat(env): support multiline in env-file"
* Revert "docs(env-file): improve document description"
* Revert "fix(env): parsing --env incorrect in cli"
* Filter health_check and exec events for logging in console
* inspect: ignore ENOENT during device lookup
* test, manifest: test push retry
* Fix locale issues with WSL version detection
* vendor: update module github.com/docker/distribution to v2.8.3+incompatible
* vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509
* Update github.com/containers/libhvee digest to e9b1811
* windows: Use prebuilt gvproxy/win-sshproxy binaries
* Volume create - fast exit when ignore is set and volume exists
* Update golang.org/x/exp digest to 9212866
* Update github.com/opencontainers/runtime-spec digest to c0e9043
* remove selinux tag as not needed anymore
* [skip-ci] Improve podmansh(1)
* Build applehv for Intel Macs
* Revert "GHA Workflow: Faster discussion-locking"
* update vfkit vendored code
* Add DefaultMode to kube play
* Fix broken podman images filters
* Remove `c.ExtraFiles` line in machine
* podman: run --replace prints only the new container id
* New machines should show Never as LastUp
* podman machine: disable zincati update service
* Revert "cirrus setup: install en_US.UTF-8 locale"
* Cirrus: CI VM images w/ newer automation-library
* CI VMs: bump to f39 + f38
* [CI:DOCS] Update podman load doc
* Update mac installer to latest gvproxy release
* Fix WSL systemd detection
* Add documentation for the vrf option on netavark
* fix(deps): update github.com/containers/common digest to 9342cdd
* fix: typos in links, path and code example
* e2e: ExitCleanly(): manual special cases
* e2e: ExitCleanly(): the final fron^Wcommit
* [CI:DOCS] Add win-sshproxy target to winmake
* wsl: enable machine init tests
* Update docs/source/markdown/options/rdt-class.md
* move IntelRdtClosID to HostConfig
* use default when user does not provide rdt-class
* Add documentation for Intel RDT support
* Add test for Intel RDT support
* Add Intel RDT support
* [CI:DOCS] Fix podman form update --help examples
* Quadlet container mount - support non key=val options
* test/e2e: default to netavark
* [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1
* fix(deps): update github.com/containers/common digest to 4619314
* applehv: enable machine tests for start
* applehv: machine tests for stop and rm
* Update machine tests README
* Add podman socket info to machine inspect
* Fix podman machine info test for hyperV
* libpod: pass entire environment to conmon
* e2e: ExitCleanly(): manual fixes to get tests working
* e2e: ExitCleanly(): a few more
* FCOS+podman-next: correct GHA conditional syntax
* pkg/machine/e2e: wsl stop
* wsl: machine tests for inspect
* wsl: machine tests for ssh
* fix(deps): update github.com/containers/common digest to e18cda8
* wsl: machine start test
* wsl machine tests: set
* wsl: machine tests
* Skip proxy test for hyperV
* Enable machine e2e test for applehv
* hyperV: Respect rootful option on machine init
* [CI:BUILD] FCOS image: enable nightly build
* e2e: use safe fedora-minimal image
* hyperv: machine e2e tests for set command
* podman build: correct default pull policy
* fix handling of static/volume dir
* unbreak CI: useradd not found
* hyperv: set more realistic starting state
* hyperv: use StopWithForce with remove
* Fix all ports exposed by kube play
* Fix setting timezone on HyperV
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6
* Fix farm update to check for connections
* Adjust machine CPU tests
* Bump version on main
* [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds
* Vendor c/common
* pod rm: do not log error if anonymous volume is still used
* e2e: ExitCleanly(): manual fixes to get tests passing
* e2e: ExitCleanly(): a few more
* fixes for pkg/machine/e2e on hyperv
* test: fix rootless propagation test
* [CI:BUILD] packit: tag @containers/packit-build team on copr build failures
* Enable disk resizing for applehv
* Various updates for hyperv and machine e2e tests
* test: update fedoraMinimal version
* specgen, rootless: fix mount of cgroup without a netns
* Automatically remove anonymous volumes when removing a container
* Use ActiveServiceDestination in ssh remoteConnectionUsername
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405
* e2e: ExitCleanly(): generate_kube_test.go
* e2e: generate kube -> kube generate
* e2e: ExitCleanly(): generate_kube_test.go
* windows cannot "do" extra files
* e2e: ExitCleanly(): Fixes for breaking tests
* play kube -> kube play
* e2e: ExitCleanly(): play_kube_test.go
* introduce pkg/strongunits
* Makefile equiv Powershell script
* pass --syslog to the cleanup process
* vendor of containers/common
* fix --authfile auto-update test
* compat API: speed up network list
* Change priority for cli-flags for remotely operating Podman
* libpod: remove unused ContainerState() fucntion
* [CI:BUILD] Packit: Enable failure notifications for cockpit tests
* e2e: ExitCleanly(): more low-hanging fruit
* e2e: ExitCleanly(): more low-hanging fruit
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
* Enable machine e2e tests for WSL
* systests: tighter checks for unwanted warnings
* GHA Workflow: Faster discussion-locking
* [CI:BUILD] FCOS + podman-next image: pull in wasm
* [CI:BUILD] rpm: remove gvproxy subpackage
* [CI:DOCS] Tweak podman to Podman in a few farm man pages
* Docs on sig-proxy are wrong, we support TTY
* e2e: ExitCleanly(): low-hanging fruit, part 2
* e2e: ExitCleanly(): low-hanging fruit, part 1
* Buildtag out unix commands for common OS files
* systests: clean up after tests; fix missing path in logs
* [CI:BUILD] followup PR for fcos with podman-next
* Implement gvproxy networking using cmdline wrapper
* fix, test: rmi should work with images w/o layers
* vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282
* Quadlet Image test - rearrange test function
* e2e: continuing ExitCleanly() work: manual tweaks
* e2e: continuing ExitCleanly() work
* [CI:DOCS] Improve podman-tag man page
* [CI:DOCS] Improve podman-build man page
* [CI:DOCS] Include precheck to release process
* [CI:DOCS] consistentize filter options in man pages
* Quadlet - add support for .image units
* --env-host: use default from containers.conf
* error when --module is specified on the command level
* man page crossrefs: add --filter autocompletes
* Fix specification of unix:///run
* Add label! filter and tests to containers and pods
* Add test for legacy address without two slashes
* Use url with scheme and path for the unix address
- Use crun only on selected archs
podman-4.8.3-150500.3.6.1.src.rpm
podman-4.8.3-150500.3.6.1.x86_64.rpm
podman-docker-4.8.3-150500.3.6.1.noarch.rpm
podman-remote-4.8.3-150500.3.6.1.x86_64.rpm
podmansh-4.8.3-150500.3.6.1.x86_64.rpm
podman-4.8.3-150500.3.6.1.s390x.rpm
podman-remote-4.8.3-150500.3.6.1.s390x.rpm
podmansh-4.8.3-150500.3.6.1.s390x.rpm
podman-4.8.3-150500.3.6.1.ppc64le.rpm
podman-remote-4.8.3-150500.3.6.1.ppc64le.rpm
podmansh-4.8.3-150500.3.6.1.ppc64le.rpm
podman-4.8.3-150500.3.6.1.aarch64.rpm
podman-remote-4.8.3-150500.3.6.1.aarch64.rpm
podmansh-4.8.3-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-627
Recommended update for open-lldp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-lldp fixes the following issues:
- open-lldp was updated to version v1.1+77.75e83b6fb98e:
* Fixed issue with `lldpad.service` failing in login/sched nodes (bsc#1212749)
* Fixed various NULL pointer dereference issues
* dcbx: Fixed memory vulnerability (UAF)
* dcbx: Fixed leak when receiving legacy TLVs with mismatched mode
* lldp: Reject frames with duplicate TLVs
* dcbx: Free manifest in rchange callback
* dcbx: Avoid memory leak if ifup is called twice
* ctrl_iface: Fixed a memory leak in ctrl_iface_deinit
* lldp: Avoid sending uninitialized data
* Reverted "Use interface index instead of name in libconfig"
* agent: Reset frame status on message delete
* basman: Use return address when pulling address
* 8021Qaz: Check for rx block validity
* 8021qaz: Fixed squelch initialization errors
* macvtap: Fixed error condition
* vdp22: converted command parsing to null term
* vdp22: convert command parsing to null term
liblldp_clif1-1.1+77.75e83b6-150500.3.3.1.x86_64.rpm
open-lldp-1.1+77.75e83b6-150500.3.3.1.src.rpm
open-lldp-1.1+77.75e83b6-150500.3.3.1.x86_64.rpm
liblldp_clif1-1.1+77.75e83b6-150500.3.3.1.s390x.rpm
open-lldp-1.1+77.75e83b6-150500.3.3.1.s390x.rpm
liblldp_clif1-1.1+77.75e83b6-150500.3.3.1.aarch64.rpm
open-lldp-1.1+77.75e83b6-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-183
Security update for bluez
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
bluez-5.65-150500.3.6.1.src.rpm
libbluetooth3-5.65-150500.3.6.1.x86_64.rpm
libbluetooth3-5.65-150500.3.6.1.s390x.rpm
libbluetooth3-5.65-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-149
Recommended update for selinux-policy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for selinux-policy fixes the following issues:
- Allow rebootmgr to read the system state (bsc#1205931)
- Allow keepalived_t read+write kernel_t pipes (bsc#1216060)
selinux-policy-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm
selinux-policy-20230511+git13.edb03d70-150500.3.12.1.src.rpm
selinux-policy-devel-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm
selinux-policy-targeted-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-458
Recommended update for hwdata
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for hwdata fixes the following issues:
- Update to version 0.378
- Update pci, usb and vendor ids
hwdata-0.378-150000.3.65.1.noarch.rpm
hwdata-0.378-150000.3.65.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-187
Recommended update for python-chardet
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-chardet fixes the following issues:
- Fix update-alternative in %postun (bsc#1218765)
python-chardet-3.0.4-150000.5.3.1.src.rpm
python3-chardet-3.0.4-150000.5.3.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-534
Recommended update for supportutils-plugin-suse-public-cloud
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for supportutils-plugin-suse-public-cloud fixes the following issues:
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
- Remove duplicate data collection for the plugin itself
- Collect archive metering data when available
- Query billing flavor status
supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1.noarch.rpm
supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-638
Security update for gnutls
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
gnutls-3.7.3-150400.4.41.3.src.rpm
gnutls-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.41.3.x86_64.rpm
gnutls-3.7.3-150400.4.41.3.s390x.rpm
libgnutls30-3.7.3-150400.4.41.3.s390x.rpm
libgnutls30-hmac-3.7.3-150400.4.41.3.s390x.rpm
gnutls-3.7.3-150400.4.41.3.aarch64.rpm
libgnutls30-3.7.3-150400.4.41.3.aarch64.rpm
libgnutls30-hmac-3.7.3-150400.4.41.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-295
Security update for runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
runc-1.1.11-150000.58.1.src.rpm
runc-1.1.11-150000.58.1.x86_64.rpm
runc-1.1.11-150000.58.1.s390x.rpm
runc-1.1.11-150000.58.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-173
Recommended update for suseconnect-ng
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng contains the following fix:
- Update to version 1.6.0:
* Disable EULA display for addons. (bsc#1218649 and bsc#1217961)
suseconnect-ng-1.6.0~git0.31371c8-150500.3.12.1.src.rpm
suseconnect-ng-1.6.0~git0.31371c8-150500.3.12.1.x86_64.rpm
suseconnect-ng-1.6.0~git0.31371c8-150500.3.12.1.s390x.rpm
suseconnect-ng-1.6.0~git0.31371c8-150500.3.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-457
Recommended update for python-kiwi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Fix overwrite of kiwi_oemunattended: ensure that the overwrite happens in the early initialize
method which provides the environment for all code running in the dracut module
- Allow install disk overwrite from cmdline (jsc#PED-7180): add rd.kiwi.oem.installdevice=DEVICE,
which configures the disk device that should be used in an OEM installation
dracut-kiwi-lib-9.24.43-150100.3.68.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.68.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.68.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.68.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.68.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.68.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.68.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.68.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.68.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.68.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-870
Security update for glibc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
glibc-2.31-150300.68.1.src.rpm
glibc-2.31-150300.68.1.x86_64.rpm
glibc-devel-2.31-150300.68.1.x86_64.rpm
glibc-locale-2.31-150300.68.1.x86_64.rpm
glibc-locale-base-2.31-150300.68.1.x86_64.rpm
glibc-2.31-150300.68.1.s390x.rpm
glibc-devel-2.31-150300.68.1.s390x.rpm
glibc-locale-2.31-150300.68.1.s390x.rpm
glibc-locale-base-2.31-150300.68.1.s390x.rpm
glibc-2.31-150300.68.1.aarch64.rpm
glibc-devel-2.31-150300.68.1.aarch64.rpm
glibc-locale-2.31-150300.68.1.aarch64.rpm
glibc-locale-base-2.31-150300.68.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-244
Recommended update for util-linux
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for util-linux fixes the following issues:
- Fix performance degradation (bsc#1207987)
libblkid1-2.37.4-150500.9.3.1.x86_64.rpm
libfdisk1-2.37.4-150500.9.3.1.x86_64.rpm
libmount1-2.37.4-150500.9.3.1.x86_64.rpm
libsmartcols1-2.37.4-150500.9.3.1.x86_64.rpm
libuuid1-2.37.4-150500.9.3.1.x86_64.rpm
util-linux-2.37.4-150500.9.3.1.src.rpm
util-linux-2.37.4-150500.9.3.1.x86_64.rpm
util-linux-systemd-2.37.4-150500.9.3.1.src.rpm
util-linux-systemd-2.37.4-150500.9.3.1.x86_64.rpm
libblkid1-2.37.4-150500.9.3.1.s390x.rpm
libfdisk1-2.37.4-150500.9.3.1.s390x.rpm
libmount1-2.37.4-150500.9.3.1.s390x.rpm
libsmartcols1-2.37.4-150500.9.3.1.s390x.rpm
libuuid1-2.37.4-150500.9.3.1.s390x.rpm
util-linux-2.37.4-150500.9.3.1.s390x.rpm
util-linux-systemd-2.37.4-150500.9.3.1.s390x.rpm
libblkid1-2.37.4-150500.9.3.1.aarch64.rpm
libfdisk1-2.37.4-150500.9.3.1.aarch64.rpm
libmount1-2.37.4-150500.9.3.1.aarch64.rpm
libsmartcols1-2.37.4-150500.9.3.1.aarch64.rpm
libuuid1-2.37.4-150500.9.3.1.aarch64.rpm
util-linux-2.37.4-150500.9.3.1.aarch64.rpm
util-linux-systemd-2.37.4-150500.9.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-266
Security update for xen
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
- CVE-2023-46840: Fixed VT-d: Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080)
xen-4.17.3_04-150500.3.21.1.src.rpm
True
xen-libs-4.17.3_04-150500.3.21.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-772
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14:
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
This makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
kernel-firmware-nvidia-gspx-G06-550.54.14-150500.11.18.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.54.14-150500.11.18.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.54.14-150500.3.36.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150500.55.49-150500.3.36.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-550.54.14-150500.11.18.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150500.55.49-150500.3.36.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-322
Recommended update for aaa_base
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.s390x.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-510
Security update for salt
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
python3-salt-3006.0-150500.4.29.1.x86_64.rpm
True
salt-3006.0-150500.4.29.1.src.rpm
True
salt-3006.0-150500.4.29.1.x86_64.rpm
True
salt-minion-3006.0-150500.4.29.1.x86_64.rpm
True
salt-transactional-update-3006.0-150500.4.29.1.x86_64.rpm
True
python3-salt-3006.0-150500.4.29.1.s390x.rpm
True
salt-3006.0-150500.4.29.1.s390x.rpm
True
salt-minion-3006.0-150500.4.29.1.s390x.rpm
True
salt-transactional-update-3006.0-150500.4.29.1.s390x.rpm
True
python3-salt-3006.0-150500.4.29.1.aarch64.rpm
True
salt-3006.0-150500.4.29.1.aarch64.rpm
True
salt-minion-3006.0-150500.4.29.1.aarch64.rpm
True
salt-transactional-update-3006.0-150500.4.29.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-583
Recommended update for python3-azuremetadata
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3-azuremetadata fixes the following issues:
- Fix empty list attributes (bsc#1218760)
python3-azuremetadata-5.1.6-150000.1.26.1.noarch.rpm
python3-azuremetadata-5.1.6-150000.1.26.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-588
Recommended update for kdump
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kdump fixes the following issues:
- dracut: always create fstab, even if empty (bsc#1218494)
- fix NOSPLIT option
- Honor the KDUMP_VERBOSE setting in kdump-save
kdump-1.0.2+git45.g7e4faf4-150500.3.3.1.src.rpm
kdump-1.0.2+git45.g7e4faf4-150500.3.3.1.x86_64.rpm
kdump-1.0.2+git45.g7e4faf4-150500.3.3.1.s390x.rpm
kdump-1.0.2+git45.g7e4faf4-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-630
Recommended update for cloud-netconfig
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-netconfig fixes the following issues:
- Drop cloud-netconfig-nm sub package and include NM dispatcher script in main packages (bsc#1219007)
- Drop package dependency on sysconfig-netconfig
- Improve log level handling
- Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
cloud-netconfig-azure-1.10-150000.25.14.1.noarch.rpm
cloud-netconfig-azure-1.10-150000.25.14.1.src.rpm
cloud-netconfig-ec2-1.10-150000.25.14.1.noarch.rpm
cloud-netconfig-ec2-1.10-150000.25.14.1.src.rpm
cloud-netconfig-gce-1.10-150000.25.14.1.noarch.rpm
cloud-netconfig-gce-1.10-150000.25.14.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-424
Recommended update for python3-M2Crypto
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3-M2Crypto fixes the following issues:
- Packaging changes (bsc#1217782, bsc#1212757)
- Set OpenSSL 3.0 as the default openssl in Tumbleweed (bsc#1205042)
python3-M2Crypto-0.38.0-150400.10.1.src.rpm
python3-M2Crypto-0.38.0-150400.10.1.x86_64.rpm
python3-M2Crypto-0.38.0-150400.10.1.s390x.rpm
python3-M2Crypto-0.38.0-150400.10.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-258
Recommended update for cloud-regionsrv-client
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client contains the following fixes:
- Update EC2 plugin to 1.0.4. (bsc#1219156, bsc#1219159)
+ Fix the algorithm to determine the region from the availability zone
information retrieved from IMDS.
- Update to version 10.1.6
+ Support specifying an IPv6 address for a manually configured target
update server.
cloud-regionsrv-client-10.1.6-150000.6.105.1.noarch.rpm
cloud-regionsrv-client-10.1.6-150000.6.105.1.src.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.105.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150000.6.105.1.noarch.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.105.1.noarch.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150000.6.105.1.noarch.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.105.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-594
Security update for tiff
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
libtiff5-4.0.9-150000.45.38.1.x86_64.rpm
tiff-4.0.9-150000.45.38.1.src.rpm
libtiff5-4.0.9-150000.45.38.1.s390x.rpm
libtiff5-4.0.9-150000.45.38.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-480
Recommended update for libsolv
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libsolv, libzypp fixes the following issues:
- build for multiple python versions [jsc#PED-6218]
- applydeltaprm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)
libsolv-0.7.28-150400.3.16.2.src.rpm
True
libsolv-tools-0.7.28-150400.3.16.2.x86_64.rpm
True
libzypp-17.31.31-150400.3.52.2.src.rpm
True
libzypp-17.31.31-150400.3.52.2.x86_64.rpm
True
libsolv-tools-0.7.28-150400.3.16.2.s390x.rpm
True
libzypp-17.31.31-150400.3.52.2.s390x.rpm
True
libsolv-tools-0.7.28-150400.3.16.2.aarch64.rpm
True
libzypp-17.31.31-150400.3.52.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-792
Recommended update for timezone
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be "minimum"
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
timezone-2024a-150000.75.28.1.src.rpm
timezone-2024a-150000.75.28.1.x86_64.rpm
timezone-2024a-150000.75.28.1.s390x.rpm
timezone-2024a-150000.75.28.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-444
Security update for suse-build-key
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.40.1.noarch.rpm
suse-build-key-12.0-150000.8.40.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-305
Security update for cpio
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
cpio-2.13-150400.3.6.1.src.rpm
cpio-2.13-150400.3.6.1.x86_64.rpm
cpio-2.13-150400.3.6.1.s390x.rpm
cpio-2.13-150400.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-651
Recommended update for nftables
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nftables fixes the following issues:
- Enable python311 module (bsc#1219253).
libnftables1-0.9.8-150400.6.3.1.x86_64.rpm
nftables-0.9.8-150400.6.3.1.src.rpm
nftables-0.9.8-150400.6.3.1.x86_64.rpm
python3-nftables-0.9.8-150400.6.3.1.noarch.rpm
libnftables1-0.9.8-150400.6.3.1.s390x.rpm
nftables-0.9.8-150400.6.3.1.s390x.rpm
libnftables1-0.9.8-150400.6.3.1.aarch64.rpm
nftables-0.9.8-150400.6.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-459
Security update for runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
runc-1.1.12-150000.61.2.src.rpm
runc-1.1.12-150000.61.2.x86_64.rpm
runc-1.1.12-150000.61.2.s390x.rpm
runc-1.1.12-150000.61.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-466
Recommended update for syslinux
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for syslinux fixes the following issues:
- syslinux RPM package was rebuilt to address issues with aarch64 built binaries
syslinux-4.04-150300.17.2.1.src.rpm
syslinux-4.04-150300.17.2.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-581
Security update for python3
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
libpython3_6m1_0-3.6.15-150300.10.54.1.x86_64.rpm
python3-3.6.15-150300.10.54.1.src.rpm
python3-3.6.15-150300.10.54.1.x86_64.rpm
python3-base-3.6.15-150300.10.54.1.x86_64.rpm
python3-core-3.6.15-150300.10.54.1.src.rpm
libpython3_6m1_0-3.6.15-150300.10.54.1.s390x.rpm
python3-3.6.15-150300.10.54.1.s390x.rpm
python3-base-3.6.15-150300.10.54.1.s390x.rpm
libpython3_6m1_0-3.6.15-150300.10.54.1.aarch64.rpm
python3-3.6.15-150300.10.54.1.aarch64.rpm
python3-base-3.6.15-150300.10.54.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-741
Recommended update for bluez
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of bluez fixes the following issue:
- The bluez-deprecated package is shipped again, as it contains some tools still in common use. (bsc#1217251)
bluez-5.65-150500.3.8.1.src.rpm
libbluetooth3-5.65-150500.3.8.1.x86_64.rpm
libbluetooth3-5.65-150500.3.8.1.s390x.rpm
libbluetooth3-5.65-150500.3.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-637
Recommended update for duktape
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for duktape fixes the following issues:
- Ship libduktape206-32bit: needed by libproxy since version 0.5.
duktape-2.6.0-150500.4.5.1.src.rpm
libduktape206-2.6.0-150500.4.5.1.x86_64.rpm
libduktape206-2.6.0-150500.4.5.1.s390x.rpm
libduktape206-2.6.0-150500.4.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-895
Recommended update for wicked
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- ifreload: VLAN changes require device deletion (bsc#1218927)
- ifcheck: fix config changed check (bsc#1218926)
- client: fix exit code for no-carrier status (bsc#1219265)
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
- duid: fix comment for v6time
- rtnl: fix peer address parsing for non ptp-interfaces
- system-updater: Parse updater format from XML configuration to ensure install calls can run
- team: add new options like link_watch_policy (jsc#PED-7183)
- Fix memory leaks in dbus variant destroy and fsm free
- xpath: allow underscore in node identifier
- vxlan: don't format unknown rtnl attrs (bsc#1219751)
wicked-0.6.74-150500.3.15.1.src.rpm
wicked-0.6.74-150500.3.15.1.x86_64.rpm
wicked-service-0.6.74-150500.3.15.1.x86_64.rpm
wicked-0.6.74-150500.3.15.1.s390x.rpm
wicked-service-0.6.74-150500.3.15.1.s390x.rpm
wicked-0.6.74-150500.3.15.1.aarch64.rpm
wicked-service-0.6.74-150500.3.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-549
Security update for openssl-1_1
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-1_1-devel-1.1.1l-150500.17.25.1.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.25.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.25.1.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.25.1.src.rpm
openssl-1_1-1.1.1l-150500.17.25.1.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.25.1.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.25.1.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.25.1.s390x.rpm
openssl-1_1-1.1.1l-150500.17.25.1.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.25.1.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.25.1.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.25.1.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.25.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-441
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.1:
Release notes are on https://github.com/kubevirt/kubevirt/releases/tag/v1.1.1
- Fix seccomp profile for post-copy migration
- Fix firmware path for aarch64 (/usr/share/AAVMF)
- Fix test with initially invalid DataVolume (bsc#1218174)
The containers were also rebuilt against updated go version.
kubevirt-1.1.1-150500.8.9.1.src.rpm
kubevirt-manifests-1.1.1-150500.8.9.1.x86_64.rpm
kubevirt-virtctl-1.1.1-150500.8.9.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-903
Recommended update for systemd-presets-common-SUSE
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd-presets-common-SUSE fixes the following issues:
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731)
- Support both the old and new service to avoid complex version interdependency
systemd-presets-common-SUSE-15-150500.20.6.1.noarch.rpm
systemd-presets-common-SUSE-15-150500.20.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-861
Recommended update for aaa_base
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
aaa_base-84.87+git20180409.04c9dae-150300.10.12.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.12.1.x86_64.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.12.1.s390x.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-868
Recommended update for lttng-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for lttng-tools fixes the following issues:
- Fix UST communication when -EAGAIN is returned which leads to lttng-sessiond abort (bsc#1218508)
liblttng-ctl0-2.12.2-150300.3.3.1.x86_64.rpm
lttng-tools-2.12.2-150300.3.3.1.src.rpm
lttng-tools-2.12.2-150300.3.3.1.x86_64.rpm
liblttng-ctl0-2.12.2-150300.3.3.1.aarch64.rpm
lttng-tools-2.12.2-150300.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-442
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- Set ExclusiveArch conditionally depending on the distro
- rebuild with current go release.
containerized-data-importer-1.58.0-150500.6.9.1.src.rpm
containerized-data-importer-manifests-1.58.0-150500.6.9.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-907
Recommended update for audit
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
audit-3.0.6-150400.4.16.1.src.rpm
audit-3.0.6-150400.4.16.1.x86_64.rpm
audit-audispd-plugins-3.0.6-150400.4.16.1.x86_64.rpm
audit-secondary-3.0.6-150400.4.16.1.src.rpm
libaudit1-3.0.6-150400.4.16.1.x86_64.rpm
libauparse0-3.0.6-150400.4.16.1.x86_64.rpm
python3-audit-3.0.6-150400.4.16.1.x86_64.rpm
system-group-audit-3.0.6-150400.4.16.1.x86_64.rpm
audit-3.0.6-150400.4.16.1.s390x.rpm
audit-audispd-plugins-3.0.6-150400.4.16.1.s390x.rpm
libaudit1-3.0.6-150400.4.16.1.s390x.rpm
libauparse0-3.0.6-150400.4.16.1.s390x.rpm
python3-audit-3.0.6-150400.4.16.1.s390x.rpm
system-group-audit-3.0.6-150400.4.16.1.s390x.rpm
audit-3.0.6-150400.4.16.1.aarch64.rpm
audit-audispd-plugins-3.0.6-150400.4.16.1.aarch64.rpm
libaudit1-3.0.6-150400.4.16.1.aarch64.rpm
libauparse0-3.0.6-150400.4.16.1.aarch64.rpm
python3-audit-3.0.6-150400.4.16.1.aarch64.rpm
system-group-audit-3.0.6-150400.4.16.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-456
Recommended update for grub2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix missing grub2 exporters on Leap
grub2-2.06-150500.29.13.1.src.rpm
grub2-2.06-150500.29.13.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.13.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.13.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.13.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.13.1.noarch.rpm
grub2-2.06-150500.29.13.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.13.1.s390x.rpm
grub2-2.06-150500.29.13.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.13.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-516
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix "no previous prototype" warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- pci: Drop PCI vmd patches that caused a regression (bsc#1218005)
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert "Unexport intel_pinctrl_probe()" (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scripts/kernel-doc: restore warning for Excess struct/union (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- series.conf: the patch is not in git and breaks series_insert.py
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (bsc#1219490).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of "its" (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
kernel-default-5.14.21-150500.55.49.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.49.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2.src.rpm
True
kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2.x86_64.rpm
True
kernel-default-5.14.21-150500.55.49.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.49.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.49.1.150500.6.21.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-469
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix "no previous prototype" warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernel-source: Fix description typo
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases.
- mkspec: Use variant in constraints template Constraints are not applied consistently with kernel package variants. Add variant to the constraints template as appropriate, and expand it in mkspec.
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert "Unexport intel_pinctrl_probe()" (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- s390: vfio-ap: tighten the NIB validity check (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of "its" (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
kernel-rt-5.14.21-150500.13.35.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.35.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1623
Recommended update for libcontainers-common
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libcontainers-common fixes the following issues:
New release 20240206:
- bump bundled c/common to 0.57.4
- bump bundled c/image to 0.29.2
- conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well
(SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only
provides product(SLE-Micro)), fixes bsc#1216443
New release 20231204:
- bump c/common to 0.57.0
* Fix specification of unix:///run
* libimage/layer_tree: if parent is empty and a manifest list then ignore check.
* Split up util package into pkg/password, pkg/copy, pkg/version
* Remove ActiveDestination method to move into podman
* Default machine CPUs to Cores/2
* pkg/config: do NOT set StaticDir and VolumeDir
* Implement negated label match function
* chore: import packages only once
- bump c/storage to 1.51.0
* overlay, composefs: mount loop device RO
* Run codespell on code
* store: serialize container deletion
* pkg/system: reduce retry timeout for EnsureRemoveAll
* overlay, composefs: use data-only lower layers
* store: call RecordWrite() before graphDriver Cleanup()
- bump c/image to 5.29.0
* Use constants and types from opencontainers/image-spec/specs-go/v1
* progress: set Current before Refill
* copy: fix nil pointer dereference when checking compression algorithm
* ociarchive: Add new ArchiveFileNotFoundError
New release 20230913:
- bump c/image to 5.28.0
* Adding IO decorator to copy progress bar
* Ensure we close HTTP connections on all paths
* manifest: ListUpdate add imgspecv1.Platform field
* pkg/docker: use the same default auth path as macOS on FreeBSD
* blob: TryReusingBlobWithOptions consider RequiredCompression if set
* Fix tests of the ostree transport
* helpers_test,cleanup: correct argument order
* Make temporary names container/image specific
* listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames
* Fix TestOCI1IndexChooseInstanc
* Refactor data passing in c/image/copy
* Update module github.com/sigstore/fulcio to v1.4.0
* copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms
* Update vendor of containers/storage
* copy/single: accept custom *Options and wrap arguments in copySingleImageOptions
* Improve transport documentation
* copy: implement instanceCopyClone for zstd compression
* copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone
* Clarify where mirrors are used
* Update x/exp/slices, and some small slice-related cleanups
* Use consistent example domains in #2069
* copy: add support for ForceCompressionFormat
* storage.storageImageDestination.Commit(): leverage image options
* Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH
* [CI:DOCS] Add cirrus-cron retry/monitor jobs
* [release-5.27] Fix the branch we use for determining a git-validation starting point
* OCI image-spec / distribution-spec v1.1 updates, first round
* Merge release branch into main
* BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted
* Update module github.com/containers/ocicrypt to v1.1.8
* fix removal of temp file in GetBlob on Windows
* Fix build with golangci-lint 1.54.2
* Implement, and default to, a SQLite BlobInfoCache instead of BoltDB
* Update dependencies of docker/docker
* Correctly handle encryption/decryption changes in non-OCI formats
New release 20230814:
- bump c/storage to 1.48.0
* Fix error if continueWrite/continueRead pipe open fails
* pkg/regexp: make sure that &Regexp implements the interfaces
* Remove use of fillGo18FileTypeBits
- bump c/image to 5.27.0
* Don't completely silently ignore non-OCI manifests in OCI layouts
- bump c/common to 0.55.3
* Change default image volume mode to "nullfs" on FreeBSD
* [v0.55][CI-DOCS] remove zstd:chunked from docs
* libimage: harden lookup by digest
* libimage: HasDifferentDigest: add InsecureSkipTLSVerify option
- Disable CNI related configs on ALP (bsc#1213556)
(https://github.com/containers/podman/issues/19327)
- Resolve choice on openSUSE distributions for libcontainer-policy
by suggesting the libcontainers-openSUSE-policy explicitly.
- Enforce BCI verification via Podman on openSUSE distributions
using the already shipped container signing keys.
(bsc#1197030)
libcontainers-common-20240206-150500.4.9.2.noarch.rpm
libcontainers-common-20240206-150500.4.9.2.src.rpm
libcontainers-default-policy-20240206-150500.4.9.2.noarch.rpm
libcontainers-openSUSE-policy-20240206-150500.4.9.2.noarch.rpm
libcontainers-sles-mounts-20240206-150500.4.9.2.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-527
Recommended update for conmon
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for conmon fixes the following issues:
- New upstream release 2.1.10
Bug fixes:
* Fix incorrect free in conn_sock
* logging: Respect log-size-max immediately after open
- New upstream release 2.1.9
Bug fixes:
* fix some issues flagged by SAST scan
* src: fix write after end of buffer
* src: open all files with O_CLOEXEC
* oom-score: restore oom score before running exit command
Features:
* Forward more messages on the sd-notify socket
* logging: -l passthrough accepts TTYs
* [bsc#1215806]
Update to version 2.1.8:
* stdio: ignore EIO for terminals (bsc#1217773)
* ensure console socket buffers are properly sized
* conmon: drop return after pexit()
* ctrl: make accept4 failures fatal
* logging: avoid opening /dev/null for each write
* oom: restore old OOM score
* Use default umask 0022
* cli: log parsing errors to stderr
* Changes to build conmon for riscv64
* Changes to build conmon for ppc64le
* Fix close_other_fds on FreeBSD
conmon-2.1.10-150500.9.9.1.src.rpm
conmon-2.1.10-150500.9.9.1.x86_64.rpm
conmon-2.1.10-150500.9.9.1.s390x.rpm
conmon-2.1.10-150500.9.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-725
Recommended update for suse-build-key
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issues:
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run import script also in %posttrans section, but only when
libzypp is not active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.43.1.noarch.rpm
suse-build-key-12.0-150000.8.43.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-558
Security update for libssh2_org
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
libssh2-1-1.11.0-150000.4.25.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.25.1.src.rpm
libssh2-1-1.11.0-150000.4.25.1.s390x.rpm
libssh2-1-1.11.0-150000.4.25.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-555
Security update for libxml2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
libxml2-2-2.10.3-150500.5.14.1.x86_64.rpm
libxml2-2.10.3-150500.5.14.1.src.rpm
libxml2-python-2.10.3-150500.5.14.1.src.rpm
libxml2-tools-2.10.3-150500.5.14.1.x86_64.rpm
python3-libxml2-2.10.3-150500.5.14.1.x86_64.rpm
libxml2-2-2.10.3-150500.5.14.1.s390x.rpm
libxml2-tools-2.10.3-150500.5.14.1.s390x.rpm
python3-libxml2-2.10.3-150500.5.14.1.s390x.rpm
libxml2-2-2.10.3-150500.5.14.1.aarch64.rpm
libxml2-tools-2.10.3-150500.5.14.1.aarch64.rpm
python3-libxml2-2.10.3-150500.5.14.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-929
Recommended update for coreutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
coreutils-8.32-150400.9.3.1.src.rpm
coreutils-8.32-150400.9.3.1.x86_64.rpm
coreutils-8.32-150400.9.3.1.s390x.rpm
coreutils-8.32-150400.9.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-573
Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert "Revert "[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)" (#30991)". (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport "Fix ruby windows ucrt build #31051" to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: "stabilize the C2P resolver URI scheme" to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport "Include ADS stream error in XDS error updates
(#29014)" to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
* Backport "do not use <PublicSign>true</PublicSign> on
non-windows" to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
"GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"
(gh#grpc/grpc#24782).
- Add support for "unix-abstract:" URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert "Revert "Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS""
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in "target uri is not valid" error
messages (gh#grpc/grpc#23782).
- Fix "cannot send compressed message large than 1024B" in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert "Start 0.3.0 development cycle (#167)" (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split("/")
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip "src" from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private "parsing
constructor" to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert "Standardize on Array copyOf" (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add "ensure_ascii" parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on "new" buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have "has" methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include "|null". (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have "has" methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support "\u" escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for "==" to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked "explicit"
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named "async" or "await".
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the "optional" field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an "optional" label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call "Class#new" over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the "GetOptions()" method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka "cpp api v2") that
replaces the old ("cpp api v1") one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert "Fix prefork handler register's default behavior"
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package "xds_protos"
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
abseil-cpp-20230802.1-150400.10.4.1.src.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.x86_64.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.x86_64.rpm
protobuf-25.1-150400.9.3.1.src.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.s390x.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.s390x.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.ppc64le.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.ppc64le.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.aarch64.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-844
Recommended update for raspberrypi-firmware-dt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for raspberrypi-firmware-dt fixes the following issue:
- Extend "ARM: dts: bcm27xx: Use better name for spidev" patch coverage.
Change compatible "spidev" to "rohm,dh2228fv" in overlay files too. (bsc#1219094)
raspberrypi-firmware-dt-2021.11.19-150400.5.6.1.noarch.rpm
raspberrypi-firmware-dt-2021.11.19-150400.5.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-904
Recommended update for supportutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for supportutils fixes the following issues:
- Update toversion 3.1.29
- Extended scaling for performance (bsc#1214713)
- Fixed kdumptool output error (bsc#1218632)
- Corrected podman ID errors (bsc#1218812)
- Duplicate non root podman entries removed (bsc#1218814)
- Corrected get_sles_ver for SLE Micro (bsc#1219241)
- Check nvidida-persistenced state (bsc#1219639)
supportutils-3.1.29-150300.7.35.27.1.noarch.rpm
supportutils-3.1.29-150300.7.35.27.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-564
Recommended update for suseconnect-ng
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issues:
- Allow SUSEConnect on read write transactional systems (bsc#1219425)
suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1.src.rpm
suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1.x86_64.rpm
suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1.s390x.rpm
suseconnect-ng-1.7.0~git0.5338270-150500.3.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-614
Recommended update for rpm
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for rpm fixes the following issues:
- backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)
python-rpm-4.14.3-150400.59.7.1.src.rpm
python3-rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-4.14.3-150400.59.7.1.src.rpm
rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-ndb-4.14.3-150400.59.7.1.src.rpm
rpm-ndb-4.14.3-150400.59.7.1.x86_64.rpm
python3-rpm-4.14.3-150400.59.7.1.s390x.rpm
rpm-4.14.3-150400.59.7.1.s390x.rpm
rpm-ndb-4.14.3-150400.59.7.1.s390x.rpm
python3-rpm-4.14.3-150400.59.7.1.aarch64.rpm
rpm-4.14.3-150400.59.7.1.aarch64.rpm
rpm-ndb-4.14.3-150400.59.7.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-865
Recommended update for yast2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for yast2 fixes the following issue:
- Allow host/domain names starting with an underscore (bsc#1219920)
yast2-4.5.26-150500.3.3.2.src.rpm
yast2-logs-4.5.26-150500.3.3.2.x86_64.rpm
yast2-logs-4.5.26-150500.3.3.2.s390x.rpm
yast2-logs-4.5.26-150500.3.3.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-596
Security update for openssh
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
openssh-8.4p1-150300.3.30.1.src.rpm
openssh-8.4p1-150300.3.30.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.30.1.x86_64.rpm
openssh-common-8.4p1-150300.3.30.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.30.1.x86_64.rpm
openssh-server-8.4p1-150300.3.30.1.x86_64.rpm
openssh-8.4p1-150300.3.30.1.s390x.rpm
openssh-clients-8.4p1-150300.3.30.1.s390x.rpm
openssh-common-8.4p1-150300.3.30.1.s390x.rpm
openssh-fips-8.4p1-150300.3.30.1.s390x.rpm
openssh-server-8.4p1-150300.3.30.1.s390x.rpm
openssh-8.4p1-150300.3.30.1.aarch64.rpm
openssh-clients-8.4p1-150300.3.30.1.aarch64.rpm
openssh-common-8.4p1-150300.3.30.1.aarch64.rpm
openssh-fips-8.4p1-150300.3.30.1.aarch64.rpm
openssh-server-8.4p1-150300.3.30.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1368
Security update for shim
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
shim-15.8-150300.4.20.2.src.rpm
shim-15.8-150300.4.20.2.x86_64.rpm
shim-15.8-150300.4.20.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-586
Security update for docker
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-24.0.7_ce-150000.193.1.src.rpm
docker-24.0.7_ce-150000.193.1.x86_64.rpm
docker-24.0.7_ce-150000.193.1.s390x.rpm
docker-24.0.7_ce-150000.193.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-597
Security update for mozilla-nss
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
libfreebl3-3.90.2-150400.3.39.1.x86_64.rpm
libsoftokn3-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-3.90.2-150400.3.39.1.src.rpm
mozilla-nss-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-certs-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-tools-3.90.2-150400.3.39.1.x86_64.rpm
libfreebl3-3.90.2-150400.3.39.1.s390x.rpm
libsoftokn3-3.90.2-150400.3.39.1.s390x.rpm
mozilla-nss-3.90.2-150400.3.39.1.s390x.rpm
mozilla-nss-certs-3.90.2-150400.3.39.1.s390x.rpm
mozilla-nss-tools-3.90.2-150400.3.39.1.s390x.rpm
libfreebl3-3.90.2-150400.3.39.1.aarch64.rpm
libsoftokn3-3.90.2-150400.3.39.1.aarch64.rpm
mozilla-nss-3.90.2-150400.3.39.1.aarch64.rpm
mozilla-nss-certs-3.90.2-150400.3.39.1.aarch64.rpm
mozilla-nss-tools-3.90.2-150400.3.39.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1133
Security update for ncurses
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
libncurses6-6.1-150000.5.24.1.x86_64.rpm
ncurses-6.1-150000.5.24.1.src.rpm
ncurses-utils-6.1-150000.5.24.1.x86_64.rpm
terminfo-6.1-150000.5.24.1.x86_64.rpm
terminfo-base-6.1-150000.5.24.1.x86_64.rpm
libncurses6-6.1-150000.5.24.1.s390x.rpm
ncurses-utils-6.1-150000.5.24.1.s390x.rpm
terminfo-6.1-150000.5.24.1.s390x.rpm
terminfo-base-6.1-150000.5.24.1.s390x.rpm
libncurses6-6.1-150000.5.24.1.aarch64.rpm
ncurses-utils-6.1-150000.5.24.1.aarch64.rpm
terminfo-6.1-150000.5.24.1.aarch64.rpm
terminfo-base-6.1-150000.5.24.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-609
Recommended update for grub2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix PowerPC grub slow loading time (bsc#1217102)
grub2-2.06-150500.29.16.1.src.rpm
grub2-2.06-150500.29.16.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.16.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.16.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.16.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.16.1.noarch.rpm
grub2-2.06-150500.29.16.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.16.1.s390x.rpm
grub2-2.06-150500.29.16.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.16.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-960
Recommended update for git
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for git fixes the following issues:
- Do not replace apparmor configuration (bsc#1216545)
git-2.35.3-150300.10.36.1.src.rpm
git-2.35.3-150300.10.36.1.x86_64.rpm
git-core-2.35.3-150300.10.36.1.x86_64.rpm
perl-Git-2.35.3-150300.10.36.1.x86_64.rpm
git-2.35.3-150300.10.36.1.s390x.rpm
git-core-2.35.3-150300.10.36.1.s390x.rpm
perl-Git-2.35.3-150300.10.36.1.s390x.rpm
git-2.35.3-150300.10.36.1.aarch64.rpm
git-core-2.35.3-150300.10.36.1.aarch64.rpm
perl-Git-2.35.3-150300.10.36.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-718
Recommended update for aardvark-dns, netavark
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aardvark-dns and netavark fixes the following issues:
aardvark-dns was updated to version 1.10.0 (jsc#PED-7577):
- Changes in version 1.10.0:
* chore(deps): update rust crate chrono to 0.4.32
* chore(deps): update dependency containers/automation_images to v20240102
* fix(deps): update rust crate futures-util to 0.3.30
* fix(deps): update rust crate anyhow to 1.0.79
* fix(deps): update rust crate tokio to 1.35.1
* chore(deps): update dependency containers/automation_images to v20231208
* fix(deps): update rust crate tokio to 1.35.0
* fix duplicated IP CI flake
* server: remove unused kill switch
* fix(deps): update rust crate clap to ~4.4.10
- Changes in version 1.9.0:
* run cargo update
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update rust crate tokio to 1.34.0
* fix(deps): update rust crate async-broadcast to 0.6.0
* update trust-dns to hickory
* fix(deps): update rust crate futures-util to 0.3.29
* fix(deps): update rust crate trust-dns-server to 0.23.2
* fix(deps): update rust crate trust-dns-proto to 0.23.2
* tmt: initial enablement
* aardvark main: change error reporting
* chore(deps): update dependency containers/automation_images to v20231004
* fix(deps): update rust crate trust-dns-proto to 0.23.1
* fix(deps): update rust crate trust-dns-client to 0.23.1
* clippy: some format fixes
* fix(deps): update rust crate tokio to 1.33.0
- Changes in version 1.8.0:
* run cargo update
* Packit: switch to @containers/packit-build team for copr failure notification comments
* [CI:BUILD] Packit: tag @lsm5 on copr build failures
* chore(deps): update rust crate chrono to 0.4.31
* cargo: bump chrono to 0.4.30
* test: IPv6 format is changed in v1.72.0
* bump nix to 0.27.1
* vendor: bump trust_dns_proto and trust_dns_client to 0.23.0
* fix(deps): update rust crate trust-dns-server to 0.23.0
* [CI:BUILD] rpm: spdx compatible license field
* fix(deps): update rust crate anyhow to 1.0.75
* fix(deps): update rust crate tokio to 1.32.0
* chore(deps): update dependency containers/automation_images to v20230816
* fix(deps): update rust crate tokio to 1.31.0
* fix(deps): update rust crate anyhow to 1.0.74
* fix(deps): update rust crate anyhow to 1.0.73
* fix(deps): update rust crate log to 0.4.20
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update rust crate tokio to 1.30.0
* fix(deps): update rust crate clap to 4.3.21
* packit: Build PRs into default packit COPRs
* chore(deps): update dependency containers/automation_images to v20230807
* fix(deps): update rust crate anyhow to 1.0.72
* fix(deps): update rust crate signal-hook to 0.3.17
* fix(deps): update rust crate clap to 4.3.19
* fix(deps): update rust crate clap to 4.3.15
* fix(deps): update rust crate signal-hook to 0.3.16
* [CI:BUILD] Packit: remove pre-sync action
* fix(deps): update rust crate clap to 4.3.11
* fix(deps): update rust crate tokio to 1.29.1
* fix(deps): update rust crate clap to 4.3.10
* [CI:BUILD] RPM: cleanup spec and fix eln builds
- Disable restricting builds only for tier1 platforms
i.e. only for x86_64 and aarch64 and enable for all.
- Changes in version 1.7.0:
* fix(deps): update rust crate tokio to 1.29.0
* fix(deps): update rust crate clap to 4.3.8
* fix(deps): update rust crate clap to 4.3.5
* run cargo update
* [CI:BUILD] Packit: add Fedora downstream tasks
* fix(deps): update rust crate clap to 4.3.4
* chore(deps): update dependency containers/automation_images to v20230614
* fix(deps): update rust crate clap to 4.3.3
* fix(deps): update rust crate log to 0.4.19
* fix(deps): update rust crate clap to 4.3.2
* fix(deps): update rust crate clap to 4.3.1
* cirrus: remove verify_vendor task
* chore(deps): update dependency containers/automation_images to v20230601
* fix(deps): update rust crate trust-dns-server to 0.22.1
* chore(deps): update rust crate chrono to 0.4.26
* fix(deps): update rust crate tokio to 1.28.2
* fix(deps): update rust crate log to 0.4.18
* chore(deps): update rust crate chrono to 0.4.25
* fix(deps): update rust crate clap to 4.3.0
* chore(deps): update dependency containers/automation_images to v20230517
* fix(deps): update rust crate tokio to 1.28.1
* chore(deps): update dependency containers/automation_images to v20230426
* fix(deps): update rust crate clap to 4.2.7
* fix(deps): update rust crate anyhow to 1.0.71
* fix typo in makefile
* fix(deps): update rust crate tokio to 1.28.0
* fix(deps): update rust crate clap to 4.2.5
* fix(deps): update rust crate syslog to ^6.1.0
* fix(deps): update rust crate clap to 4.2.4
* fix(deps): update rust crate clap to 4.2.3
* fix(deps): update rust crate clap to v4
* chore(deps): update dependency containers/automation_images to v20230405
- Changes in version 1.6.0:
* fix(deps): update rust crate tokio to 1.27.0
* use lower TTL for contianer entries
* fix(deps): update rust crate syslog to ^6.0.1
* fix(deps): update rust crate futures-util to 0.3.28
* chore(deps): update dependency containers/automation_images to v20230330
* Disable Dependabot in favor of Renovate
* chore(deps): update dependency containers/automation_images to v20230320
* build(deps): bump futures-util from 0.3.26 to 0.3.27
* [CI:BUILD] Packit: trigger builds on commit to main branch
* build(deps): bump anyhow from 1.0.68 to 1.0.70
* fix lint issue with new rust version 1.68
* Cirrus: Update to newer CI VM images
* build(deps): bump chrono from 0.4.23 to 0.4.24
* build(deps): bump libc from 0.2.139 to 0.2.140
* build(deps): bump async-broadcast from 0.5.0 to 0.5.1
* build(deps): bump signal-hook from 0.3.14 to 0.3.15
* build(deps): bump futures-util from 0.3.25 to 0.3.26
* build(deps): bump tokio from 1.25.0 to 1.26.0
* [CI:DOCS] Clarify packit related comments
* [CI:BUILD] Packit: initial enablement
* Allow custom cargo binary path
* Switch to explicit platform list for `cargo vendor-filterer`
* Add renovate.json5
* Cirrus: Groom rust cache before updating
netavark was update to version 1.10.2 (jsc#PED-7577):
- Changes in version 1.10.2:
* Fixed aardvark-dns handling
* Do not perform network namespace detection on AV update
- Changes in version 1.10.1:
* Updated to nftables release 0.3 from crates.io
* DISTRO_PACKAGE: fix incorrect vendored tar archive URL
* Bump to 1.11.0-dev
- Changes in version 1.10.0:
* RPM: update .cargo/config before building
* Added support for isolation to the nftables driver
* build(deps): bump h2 from 0.3.22 to 0.3.24
* chore(deps): update rust crate chrono to 0.4.32
* fix(deps): update rust crate env_logger to 0.11.0
* chore(deps): update dependency containers/automation_images to v20240102
* Bump nftables-rs to latest commit
* Netavark: nftables support
* fix(deps): update rust crate serde_json to 1.0.111
* feat: added the --firewall-driver option
* Document how to generate a code coverage report for netavark
* fix(deps): update rust crate clap to ~4.4.12
* fix(deps): update rust crate serde_json to 1.0.110
* fix(deps): update rust-futures monorepo to 0.3.30
* fix(deps): update rust crate nispor to 1.2.16
* chore(deps): update rust crate tempfile to 3.9.0
* Use tonic::transport::Uri instead of HTTP
* chore(deps): update dependency containers/automation_images to v20231208
* fix(deps): update rust crate tokio to 1.35
* dhcp-proxy: return actual error instead of generic one
* dhcp-proxy: skip set gateway if missing
* bump netlink-packet-route to 0.18.1
* chore(deps): update rust crate once_cell to 1.19.0
* fix(deps): update rust crate nispor to 1.2.15
* fix(deps): update rust crate serde to 1.0.193
* fix(deps): update rust crate clap to ~4.4.10
* aardvark: show error if process is in wrong netns
* aardvark: remove unessesary unlock lockfile calls
* fix(deps): update rust crate url to 2.5.0
* Bump working version to v1.10.0-dev
- Changes in version 1.9.0:
* test: fix syntax problem in helpers.bash
* run cargo update
* use OsString/Path over String for file paths
* chore(deps): update dependency containers/automation_images to v20231116
* firewalld-reload: fix CI tests
* firewalld-reload: prevent race which could leak fw rules
* fix(deps): update rust crate clap to ~4.4.8
* CI: skip broken firewalld test
* fix(deps): update rust crate http to 0.2.11
* rpm: add netavark-firewalld-reload.service to spec
* firewalld-reload: add integration tests
* firewall/state: make sure to ignore enoent on read
* firewall-reload: integrate actual logic to reload rules
* firewall/state: improve error messages
* firewall: add state functions to serialize configs
* firewalld: fix lint errors with rust v1.73
* firewall: do not use full Network in NetworkStruct
* firewall: add dns_port to SetupNetwork
* add firewalld-reload subcommand
* fix(deps): update rust crate http to 0.2.10
* fix(deps): update rust crate env_logger to 0.10.1
* fix(deps): update rust crate tokio to 1.34
* Update rust container build files
* bridge: force static mac on bridge interface
* fix(deps): update rust crate futures-core to 0.3.29
* fix(deps): update rust crate serde to 1.0.190
* fix(deps): update rust crate serde_json to 1.0.108
* fix(deps): update rust crate sysctl to 0.5.5
* fix(deps): update rust-futures monorepo to 0.3.29
* CI: Drop CI VM distro name
* chore(deps): update dependency containers/automation_images to v20231004
* fix(deps): update rust crate tokio to 1.33
* build-sys: Filter to tier 2 Linux declaratively
* fix(deps): update rust crate sha2 to 0.10.8
* fix podman.io community link
* Bump to v1.9.0-dev
- Changes in version 1.8.0:
* run cargo update
* Add vrf support for bridges
* Packit: switch to @containers/packit-build team for copr failure notification comments
* fix(deps): update rust crate nispor to 1.2.14
* [CI:BUILD] Packit: tag @lsm5 on copr build failures
* chore(deps): update rust crate chrono to 0.4.31
* fix(deps): update rust crate serde_json to 1.0.107
* rust io safety: convert RawFd to BorrowedFd<>
* bump nix to 0.27.1
* chore(deps): update rust crate chrono to 0.4.30
* fix(deps): update rust crate serde_json to 1.0.106
* chore(deps): update rust crate chrono to 0.4.29
* fix(deps): update rust crate netlink-packet-route to 0.17.1
* Bump tonic and prost
* Update container image to F38
* Add ACCEPT rules in firewall for bridge network with internal dns.
* chore(deps): update rust crate tonic-build to 0.10
* fix(deps): update rust crate nispor to 1.2.13
* fix(deps): update rust crate serde to 1.0.188
* Fix clippy warnings about formatting
* update chrono crate
* fix(deps): update rust crate url to 2.4.1
* Add protoc dependency to README
* [CI:BUILD] rpm: spdx compatible license field
* fix(deps): update rust crate tokio to 1.32
* chore(deps): update dependency containers/automation_images to v20230816
* fix(deps): update rust crate serde_json to 1.0.105
* fix(deps): update rust crate tokio to 1.31
* fix(deps): update rust crate log to 0.4.20
* run cargo update
* update tonic-build to 0.9.2
* bump rust edition to 2021
* iptables: drop invalid packages
* fix(deps): update rust crate tokio to 1.30
* docs: Convert markdown with go-md2man instead of mandown
* fix(deps): update rust crate clap to 4.3.21
* packit: Build PRs into default packit COPRs
* chore(deps): update dependency containers/automation_images to v20230807
* fix(deps): update rust crate serde to 1.0.183
* fix(deps): update rust crate serde to 1.0.181
* fix(deps): update rust crate serde to 1.0.180
* fix(deps): update rust crate serde_json to 1.0.104
* fix(deps): update rust crate serde to 1.0.179
* fix(deps): update rust crate serde to 1.0.176
* fix(deps): update rust crate clap to 4.3.19
* fix(deps): update rust crate serde to 1.0.175
* fix(deps): update rust crate clap to 4.3.17
* fix(deps): update rust crate clap to 4.3.15
* fix(deps): update rust crate clap to 4.3.12
* fix(deps): update rust crate serde_json to 1.0.103
* [CI:BUILD] Packit: remove pre-sync action
* fix(deps): update rust crate serde_json to 1.0.102
* fix(deps): update rust crate nispor to 1.2.12
* macvlan: use netlink type for bclim
* bump netlink deps
* fix(deps): update rust crate serde to 1.0.171
* fix(deps): update rust crate serde to 1.0.167
* fix(deps): update rust crate clap to 4.3.11
* fix(deps): update rust crate serde to 1.0.166
* fix(deps): update rust crate serde_json to 1.0.100
* iptables: improve error when ip6?tables commands are missing
* fix(deps): update rust crate clap to 4.3.10
* fix(deps): update rust crate zbus to 3.14.1
* [CI:BUILD] RPM: Fix ELN build and cleanup spec
* bump to v1.8.0-dev
- Changes in version 1.7.0:
* fix(deps): update rust crate tokio to 1.29
* netavark: make --config required for dns
* fix(deps): update rust crate serde_json to 1.0.99
* fix(deps): update rust crate clap to 4.3.8
* [CI:BUILD] Packit: add Fedora downstream tasks
* run cargo update
* fix(deps): update rust crate serde_json to 1.0.97
* fix(deps): update rust crate sha2 to 0.10.7
* fix(deps): update rust crate clap to 4.3.4
* chore(deps): update dependency containers/automation_images to v20230614
* fix(deps): update rust crate clap to 4.3.3
* fix(deps): update rust crate log to 0.4.19
* aardvark: fix missleading dns disabled log
* firewall: add NETAVARK_ISOLATION_3 chain for strict isolation
* docs: fix link to getting started
* fix(deps): update rust crate serde to 1.0.164
* netlink: fix incorrect info log for del_route
* dhcp-proxy: apply new ip address/gateway
* test-dhcp: fix broekn has_ip() check
* dhcp-proxy: actually implement renewing leases
* dhcp-proxy: simplify code
* dhcp-proxy: drop macaddr dependency
* dhcp-proxy: remove some unused traits
* fix(deps): update rust crate zbus to 3.13.1
* fix(deps): update rust crate clap to 4.3.2
* chore(deps): update rust crate once_cell to 1.18.0
* fix(deps): update rust crate url to 2.4.0
* fix(deps): update rust crate clap to 4.3.1
* chore(deps): update dependency containers/automation_images to v20230601
* chore(deps): update rust crate chrono to 0.4.26
* chore(deps): update rust crate chrono to 0.4.25
* fix(deps): update rust crate log to 0.4.18
* chore(deps): update rust crate once_cell to 1.17.2
* macvlan: add bclim option
* parse_option(): return option instead of default
* add no_default_gateway option
* fix(deps): update rust crate clap to 4.3.0
* chore(deps): update dependency containers/automation_images to v20230517
* fix(deps): update rust crate serde to 1.0.163
* Add ability to add static route
* fix(deps): update rust crate serde to 1.0.162
* Cirrus: Update fedora name to match image
* fix(deps): update rust crate clap to 4.2.7
* chore(deps): update dependency containers/automation_images to v20230426
* correct typo in Makefile
* simplify path printing
* fix(deps): update rust crate tokio to 1.28
* aardvark-dns pid: return better errors
* fix comment in Subnet definition
* aardvark: no error when aardvark config is not there
* fix(deps): update rust crate zbus to 3.12.0
* fix(deps): update rust crate clap to 4.2.4
* fix(deps): update rust crate clap to 4.2.2
* fix(deps): update rust crate serde_json to 1.0.96
* update clap to v4
* fix(deps): update rust crate serde to 1.0.160
* bump to v1.7.0-dev
- Changes in version 1.6.0:
* dhcp-proxy: fix typo for --activity-timeout
* chore(deps): update dependency containers/automation_images to v20230405
* dhcp-proxy: use better error when connection fails
* add documentation for netavark plugins
* add stderr example plugin to test stderr passthrough
* add netavark plugin driver
* add example error plugin
* add host-device example plugin
* plugin: add simple plugin interface
* netlink: add dump_addresses
* netlink: add set_link_ns
* dhcp-proxy: correctly exit > 0 on errors
* fix(deps): update rust crate tonic to 0.9
* fix(deps): update rust crate mozim to 0.2.2
* fix(deps): update rust crate serde to 1.0.159
* fix(deps): update rust crate netlink-sys to 0.8.5
* dhcp-proxy: create socket directory only when used
* dhcp-proxy: do not remove socket when running under systemd
* Makefile: netavark-dhcp-proxy.service use correct path
* fix(deps): update rust crate http to 0.2.9
* chore(deps): update rust crate once_cell to 1.17.1
* fix(deps): update rust-futures monorepo to 0.3.28
* fix(deps): update rust crate serde_json to 1.0.95
* chore(deps): update dependency containers/automation_images to v20230330
* Disable Dependabot in favor of Renovate
* chore(deps): update rust crate chrono to 0.4.24
* build(deps): bump ipnet from 2.7.1 to 2.7.2
* build(deps): bump serde from 1.0.158 to 1.0.159
* build(deps): bump serde_json from 1.0.94 to 1.0.95
* update,main: dont write empty space when no network_dns_servers is given
* fix(deps): update rust crate tokio to 1.27
* Quit Leasing when Client disconnects
* build(deps): bump mozim from 0.2.1 to 0.2.2
* iptables: fix incorrect debug statement
* build(deps): bump serde from 1.0.156 to 1.0.158
* iptables: port fw handle wildcard address correctly
* chore(deps): update dependency containers/automation_images to v20230320
* build(deps): bump zbus from 3.11.0 to 3.11.1
* build(deps): bump anyhow from 1.0.69 to 1.0.70
* [CI:BUILD] Packit: trigger builds on commit to main branch
* Cirrus: Invalidate v2 bin cache
* Include Systemd Files in RPM Package
* Cirrus: Fix success failing on artifact extraction
* fix lint issue with new rust version 1.68
* Cirrus: Update to newer CI VM images
* build(deps): bump serde from 1.0.152 to 1.0.156
* combine dhcp-proxy and netavark into one binary
* update: should allow empty network_dns_servers
* build(deps): bump libc from 0.2.139 to 0.2.140
* fix aarch64 ncat flake
* update to mozim 0.2.1
* build(deps): bump zbus from 3.10.0 to 3.11.0
* packit: Update build release tag correctly
* test: move proto option into run_nc_test()
* test: add netns pid param to port checks
* test: import podman code to check for ports
* cirrus.yaml: add new binaries in art_prep_script
* fix netavark-dhcp-proxy binary in system unit
* import netavark-proxy-dhcp tests
* add build_proxy_client target
* add netavark-dhcp-proxy to rpm
* Fix dhcp-proxy build
* Merge nv-dhcp-proxy into nv
* fix default route metric test name
* build(deps): bump tokio from 1.25.0 to 1.26.0
* Support none parameter on NETAVARK_FW
* build(deps): bump anyhow from 1.0.68 to 1.0.69
* Fix typos
* update netlink-packet-{route,core} to 0.15 and 0.5
* build(deps): bump serde_json from 1.0.92 to 1.0.93
* build(deps): bump zbus from 3.8.0 to 3.10.0
* [CI:BUILD] Packit: initial enablement
* Allow custom cargo binary path
* build(deps): bump serde_json from 1.0.91 to 1.0.92
* Cirrus: Reduce requested CPUs for compile-tasks
* bump to version 1.0.6-dev
* build(deps): bump netlink-sys from 0.8.3 to 0.8.4
* Add renovate.json5
- Added aardvark-dns as dependency requirement for netavark
aardvark-dns-1.10.0-150500.3.3.1.src.rpm
aardvark-dns-1.10.0-150500.3.3.1.x86_64.rpm
netavark-1.10.2-150500.3.3.3.src.rpm
netavark-1.10.2-150500.3.3.3.x86_64.rpm
aardvark-dns-1.10.0-150500.3.3.1.s390x.rpm
netavark-1.10.2-150500.3.3.3.s390x.rpm
aardvark-dns-1.10.0-150500.3.3.1.aarch64.rpm
netavark-1.10.2-150500.3.3.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1077
Recommended update for kio
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kio fixes the following issues:
- Added missing kio-devel to Package Hub for SLE-15-SP5 (no source changes) (bsc#1215704)
libLLVM15-15.0.7-150500.4.6.2.x86_64.rpm
llvm15-15.0.7-150500.4.6.2.src.rpm
libLLVM15-15.0.7-150500.4.6.2.s390x.rpm
libLLVM15-15.0.7-150500.4.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-629
Recommended update for virt-manager
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for virt-manager fixes the following issues:
- Fix KVM/QEMU video driver fails (bsc#1219791, bsc#1220012)
- Fix collapsed application tab in virt-manager (bsc#1213790)
- libvirtd crashes when virt-manager connects virt-manager qemu:///system (bsc#1212195)
- Changes to osinfo-db cause some virt-manager tests to fail
virt-install-4.1.0-150500.3.6.1.noarch.rpm
virt-manager-4.1.0-150500.3.6.1.src.rpm
virt-manager-common-4.1.0-150500.3.6.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-980
Recommended update for pam-config
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for pam-config fixes the following issues:
- Fix pam_gnome_keyring module for AUTH (bsc#1219767)
pam-config-1.1-150200.3.6.1.src.rpm
pam-config-1.1-150200.3.6.1.x86_64.rpm
pam-config-1.1-150200.3.6.1.s390x.rpm
pam-config-1.1-150200.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1476
Recommended update for python-docutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-docutils fixes the following issue:
- Use update-alternatives for all binary scripts and provide
/usr/bin/docutils to avoid conflict with python311-docutils (bsc#1219501)
python-docutils-0.14-150000.3.4.1.src.rpm
python3-docutils-0.14-150000.3.4.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-735
Recommended update for libindicator7, libdbusmenu-gtk4
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libindicator7, libdbusmenu-gtk4 fixes the following issues:
- Add missing packages to Package Hub 15 SP5 (bsc#1219244, jsc#MSC-751)
libdbusmenu-glib4-16.04.0-150200.3.2.1.x86_64.rpm
libdbusmenu-gtk2-16.04.0-150200.3.2.1.src.rpm
libdbusmenu-gtk3-16.04.0-150200.3.2.1.src.rpm
libdbusmenu-gtk3-4-16.04.0-150200.3.2.1.x86_64.rpm
libindicator-16.10.0+bzr20171205-150200.3.2.1.src.rpm
libindicator3-7-16.10.0+bzr20171205-150200.3.2.1.x86_64.rpm
libdbusmenu-glib4-16.04.0-150200.3.2.1.s390x.rpm
libdbusmenu-gtk3-4-16.04.0-150200.3.2.1.s390x.rpm
libindicator3-7-16.10.0+bzr20171205-150200.3.2.1.s390x.rpm
libdbusmenu-glib4-16.04.0-150200.3.2.1.aarch64.rpm
libdbusmenu-gtk3-4-16.04.0-150200.3.2.1.aarch64.rpm
libindicator3-7-16.10.0+bzr20171205-150200.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-982
Recommended update for systemd-rpm-macros
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd-rpm-macros fixes the following issue:
- Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964)
systemd-rpm-macros-15-150000.7.39.1.noarch.rpm
systemd-rpm-macros-15-150000.7.39.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1136
Security update for c-ares
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
c-ares-1.19.1-150000.3.26.1.src.rpm
libcares2-1.19.1-150000.3.26.1.x86_64.rpm
libcares2-1.19.1-150000.3.26.1.s390x.rpm
libcares2-1.19.1-150000.3.26.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-794
Security update for sudo
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sudo fixes the following issues:
NOTE: This update has been retracted, as some logic was not changed correctly.
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
sudo-1.9.12p1-150500.7.7.1.src.rpm
sudo-1.9.12p1-150500.7.7.1.x86_64.rpm
sudo-1.9.12p1-150500.7.7.1.s390x.rpm
sudo-1.9.12p1-150500.7.7.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-764
Security update for wpa_supplicant
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
wpa_supplicant-2.10-150500.3.3.1.src.rpm
wpa_supplicant-2.10-150500.3.3.1.x86_64.rpm
wpa_supplicant-2.10-150500.3.3.1.s390x.rpm
wpa_supplicant-2.10-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-760
Recommended update for cloud-regionsrv-client
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client contains the following fixes:
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
+ Fix the failover path to a new target update server. At present a new
server is not found since credential validation fails. We targeted
the server detected in down condition to verify the credentials instead
of the replacement server.
cloud-regionsrv-client-10.1.7-150000.6.108.1.noarch.rpm
cloud-regionsrv-client-10.1.7-150000.6.108.1.src.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150000.6.108.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150000.6.108.1.noarch.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.108.1.noarch.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150000.6.108.1.noarch.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.108.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-878
Recommended update for grub2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix grub.xen memdisk script looking for /boot/grub/grub.cfg (bsc#1219248, bsc#1181762)
grub2-2.06-150500.29.19.1.src.rpm
grub2-2.06-150500.29.19.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.19.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.19.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.19.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.19.1.noarch.rpm
grub2-2.06-150500.29.19.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.19.1.s390x.rpm
grub2-2.06-150500.29.19.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.19.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-901
Security update for python3
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
libpython3_6m1_0-3.6.15-150300.10.57.1.x86_64.rpm
python3-3.6.15-150300.10.57.1.src.rpm
python3-3.6.15-150300.10.57.1.x86_64.rpm
python3-base-3.6.15-150300.10.57.1.x86_64.rpm
python3-core-3.6.15-150300.10.57.1.src.rpm
libpython3_6m1_0-3.6.15-150300.10.57.1.s390x.rpm
python3-3.6.15-150300.10.57.1.s390x.rpm
python3-base-3.6.15-150300.10.57.1.s390x.rpm
libpython3_6m1_0-3.6.15-150300.10.57.1.aarch64.rpm
python3-3.6.15-150300.10.57.1.aarch64.rpm
python3-base-3.6.15-150300.10.57.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1287
Security update for vim
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for vim fixes the following issues:
Updated to version 9.1.0111, fixes the following security problems
- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).
vim-9.1.0111-150500.20.9.1.src.rpm
vim-data-common-9.1.0111-150500.20.9.1.noarch.rpm
vim-small-9.1.0111-150500.20.9.1.x86_64.rpm
vim-small-9.1.0111-150500.20.9.1.s390x.rpm
vim-small-9.1.0111-150500.20.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1175
Recommended update for multipath-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for multipath-tools fixes the following issues:
- Fixed activation of LVM volume groups during coldplug (bsc#1219142)
- Avoid changing SCSI timeouts in "multipath -d" (bsc#1213809)
- Fixed dev_loss_tmo even if not set in configuration (bsc#1212440)
- Backport of upstream bug fixes (bsc#1220374):
* Avoid setting queue_if_no_path on multipath maps for which the no_path_retry timeout has expired
* Fixed memory and error handling for code using aio (marginal path code, directio path checker)
* libmultipath: fixed max_sectors_kb on adding path
* Fixed warnings reported by udevadm verify
* libmultipath: use directio checker for LIO targets
* multipathd.service: remove "Also=multipathd.socket"
* libmultipathd: avoid parsing errors due to unsupported designators
* libmultipath: return 'pending' state when port is in transition
* multipath.rules: fixed "smart" bug with failed valid path check
* libmpathpersist: fixed resource leak in update_map_pr()
* libmultipath: keep renames from stopping other multipath actions
kpartx-0.9.4+117+suse.87f2634-150500.3.9.1.x86_64.rpm
libmpath0-0.9.4+117+suse.87f2634-150500.3.9.1.x86_64.rpm
multipath-tools-0.9.4+117+suse.87f2634-150500.3.9.1.src.rpm
multipath-tools-0.9.4+117+suse.87f2634-150500.3.9.1.x86_64.rpm
kpartx-0.9.4+117+suse.87f2634-150500.3.9.1.s390x.rpm
libmpath0-0.9.4+117+suse.87f2634-150500.3.9.1.s390x.rpm
multipath-tools-0.9.4+117+suse.87f2634-150500.3.9.1.s390x.rpm
kpartx-0.9.4+117+suse.87f2634-150500.3.9.1.aarch64.rpm
libmpath0-0.9.4+117+suse.87f2634-150500.3.9.1.aarch64.rpm
multipath-tools-0.9.4+117+suse.87f2634-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-766
Recommended update for libssh
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
libssh-0.9.8-150400.3.6.1.src.rpm
libssh-config-0.9.8-150400.3.6.1.x86_64.rpm
libssh4-0.9.8-150400.3.6.1.x86_64.rpm
libssh-config-0.9.8-150400.3.6.1.s390x.rpm
libssh4-0.9.8-150400.3.6.1.s390x.rpm
libssh-config-0.9.8-150400.3.6.1.aarch64.rpm
libssh4-0.9.8-150400.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-830
Security update for xen
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851).
- CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080).
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
xen-4.17.3_06-150500.3.24.1.src.rpm
xen-libs-4.17.3_06-150500.3.24.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-781
Recommended update for cloud-netconfig
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-netconfig fixes the following issues:
- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d parent directory
- Update to version 1.11:
+ Revert address metadata lookup in GCE to local lookup (bsc#1219454)
+ Fix hang on warning log messages
+ Check whether getting IPv4 addresses from metadata failed and abort if true
+ Only delete policy rules if they exist
+ Skip adding/removing IPv4 ranges if metdata lookup failed
+ Improve error handling and logging in Azure
+ Set SCRIPTDIR when installing netconfig wrapper
cloud-netconfig-azure-1.11-150000.25.17.1.noarch.rpm
cloud-netconfig-azure-1.11-150000.25.17.1.src.rpm
cloud-netconfig-ec2-1.11-150000.25.17.1.noarch.rpm
cloud-netconfig-ec2-1.11-150000.25.17.1.src.rpm
cloud-netconfig-gce-1.11-150000.25.17.1.noarch.rpm
cloud-netconfig-gce-1.11-150000.25.17.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1082
Recommended update for bluez
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for bluez fixes the following issues:
- Add necessary Supplements (gnome-bluetooth, blueman, bluedevil5) to bluez-obexd, so that file transfer features of the
applications can be used by default (bsc#1209153, bsc#1220329).
- Update the description of bluez-obexd
bluez-5.65-150500.3.11.1.src.rpm
libbluetooth3-5.65-150500.3.11.1.x86_64.rpm
libbluetooth3-5.65-150500.3.11.1.s390x.rpm
libbluetooth3-5.65-150500.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1129
Security update for expat
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
expat-2.4.4-150400.3.17.1.src.rpm
libexpat1-2.4.4-150400.3.17.1.x86_64.rpm
libexpat1-2.4.4-150400.3.17.1.s390x.rpm
libexpat1-2.4.4-150400.3.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1099
Security update for libvirt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
- CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces() (bsc#1221468).
- CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus (bsc#1221237)
- qemu: domain: Fix logic when tainting domain (bsc#1220512)
- conf: Remove some firmware validation checks (bsc#1216980)
- libxl: Fix connection to modular network daemon (bsc#1214223)
libvirt-9.0.0-150500.6.20.1.src.rpm
libvirt-client-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-daemon-qemu-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-libs-9.0.0-150500.6.20.1.x86_64.rpm
libvirt-client-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.20.1.s390x.rpm
libvirt-daemon-qemu-9.0.0-150500.6.20.1.s390x.rpm
libvirt-libs-9.0.0-150500.6.20.1.s390x.rpm
libvirt-client-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-daemon-qemu-9.0.0-150500.6.20.1.aarch64.rpm
libvirt-libs-9.0.0-150500.6.20.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1176
Recommended update for hwdata
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for hwdata fixes the following issues:
- Update to 0.380
- Update pci, usb and vendor ids
hwdata-0.380-150000.3.68.1.noarch.rpm
hwdata-0.380-150000.3.68.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-858
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-fixes).
- revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
- revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining "show" functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
kernel-default-5.14.21-150500.55.52.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.52.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1.src.rpm
True
kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1.x86_64.rpm
True
kernel-default-5.14.21-150500.55.52.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.52.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1007
Security update for shadow
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
- CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
login_defs-4.8.1-150500.3.3.1.noarch.rpm
shadow-4.8.1-150500.3.3.1.src.rpm
shadow-4.8.1-150500.3.3.1.x86_64.rpm
shadow-4.8.1-150500.3.3.1.s390x.rpm
shadow-4.8.1-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1104
Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for docker fixes the following issues:
- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)
The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
containerd-1.7.10-150000.108.1.src.rpm
containerd-1.7.10-150000.108.1.x86_64.rpm
docker-24.0.7_ce-150000.198.2.src.rpm
docker-24.0.7_ce-150000.198.2.x86_64.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.src.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.x86_64.rpm
containerd-1.7.10-150000.108.1.s390x.rpm
docker-24.0.7_ce-150000.198.2.s390x.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.s390x.rpm
containerd-1.7.10-150000.108.1.aarch64.rpm
docker-24.0.7_ce-150000.198.2.aarch64.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1397
Recommended update for gcc12
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gcc12 fixes the following issues:
- gcc12 D language packages are shipped to PackageHub 15 SP5.
gcc12-12.3.0+git1204-150000.1.18.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1091
Recommended update for rpm
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libiamevm library into a plugin, and install this plugin as part of a new
"rpm-imaevmsign" subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
python-rpm-4.14.3-150400.59.10.1.src.rpm
python3-rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-4.14.3-150400.59.10.1.src.rpm
rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-ndb-4.14.3-150400.59.10.1.src.rpm
rpm-ndb-4.14.3-150400.59.10.1.x86_64.rpm
python3-rpm-4.14.3-150400.59.10.1.s390x.rpm
rpm-4.14.3-150400.59.10.1.s390x.rpm
rpm-ndb-4.14.3-150400.59.10.1.s390x.rpm
python3-rpm-4.14.3-150400.59.10.1.aarch64.rpm
rpm-4.14.3-150400.59.10.1.aarch64.rpm
rpm-ndb-4.14.3-150400.59.10.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-846
Recommended update for selinux-policy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for selinux-policy fixes the following issues:
* Don't audit getty and plymouth the checkpoint_restore capability (bsc#1220361)
selinux-policy-20230511+git15.bdc96df2-150500.3.15.1.noarch.rpm
selinux-policy-20230511+git15.bdc96df2-150500.3.15.1.src.rpm
selinux-policy-devel-20230511+git15.bdc96df2-150500.3.15.1.noarch.rpm
selinux-policy-targeted-20230511+git15.bdc96df2-150500.3.15.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1376
Security update for polkit
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
libpolkit-agent-1-0-121-150500.3.3.1.x86_64.rpm
libpolkit-gobject-1-0-121-150500.3.3.1.x86_64.rpm
polkit-121-150500.3.3.1.src.rpm
polkit-121-150500.3.3.1.x86_64.rpm
libpolkit-agent-1-0-121-150500.3.3.1.s390x.rpm
libpolkit-gobject-1-0-121-150500.3.3.1.s390x.rpm
polkit-121-150500.3.3.1.s390x.rpm
libpolkit-agent-1-0-121-150500.3.3.1.aarch64.rpm
libpolkit-gobject-1-0-121-150500.3.3.1.aarch64.rpm
polkit-121-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-876
Security update for sudo
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
sudo-1.9.12p1-150500.7.10.1.src.rpm
sudo-1.9.12p1-150500.7.10.1.x86_64.rpm
sudo-1.9.12p1-150500.7.10.1.s390x.rpm
sudo-1.9.12p1-150500.7.10.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-869
Recommended update for cloud-netconfig
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-netconfig fixes the following issues:
- Update to version 1.12 (bsc#1221202)
* If token access succeeds using IPv4 do not use the IPv6 endpoint
only use the IPv6 IMDS endpoint if IPv4 access fails.
cloud-netconfig-azure-1.12-150000.25.20.1.noarch.rpm
cloud-netconfig-azure-1.12-150000.25.20.1.src.rpm
cloud-netconfig-ec2-1.12-150000.25.20.1.noarch.rpm
cloud-netconfig-ec2-1.12-150000.25.20.1.src.rpm
cloud-netconfig-gce-1.12-150000.25.20.1.noarch.rpm
cloud-netconfig-gce-1.12-150000.25.20.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1076
Recommended update for Libreoffice
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for Libreoffice fixes the following issue:
libreoffice was updated from version 7.6.2.1 to 24.2.1.2 (jsc#PED-7496, jsc#PED-8096):
- Highlights of changes up to version 24.2.1.2 are listed in the following release notes:
* https://wiki.documentfoundation.org/ReleaseNotes/24.2
* https://wiki.documentfoundation.org/Releases/24.2.1/RC2
* https://wiki.documentfoundation.org/Releases/24.2.1/RC1
* https://wiki.documentfoundation.org/Releases/7.6.4/RC1
* https://wiki.documentfoundation.org/Releases/7.6.3/RC2
* https://wiki.documentfoundation.org/Releases/7.6.3/RC1
* https://wiki.documentfoundation.org/Releases/7.6.2/RC2
- Update bundled dependencies:
* curl version update from 8.2.1 to 8.6.0
* gpgme version update from 1.18.0 to 1.20.0
* harfbuzz version update from 8.0.0 to 8.2.2
* libcmis version update from 0.5.2 to 0.6.1
* libgpg-error version update from 1.43 to 1.47
* pdfium version update from 5778 to 6179
* poppler version update from 23.06.0 to 23.09.0
* skia version from m111-a31e897fb3dcbc96b2b40999751611d029bf5404 to m116-2ddcf183eb260f63698aa74d1bb380f247ad7ccd
- New bundled dependencies:
* Java-WebSocket-1.5.4.tar.gz
* fontconfig-2.14.2.tar.xz
* freetype-2.13.0.tar.xz
* phc-winner-argon2-20190702.tar.gz
* tiff-4.6.0.tar.xz
- New required dependencies:
* zxcvbn
- Build Libreoffice using OpenSSL instead of NSS, since the bundled curl does
not support the NSS backend any more
abseil-cpp was updated from version 20230802.1 to 20240116.1:
* Added absl::NoDestructor<T> to simplify defining static types
that do not need to be destructed upon program exit.
* Added configurable verbose logging (also known as VLOG).
* Added absl::Overload(), which returns a functor that provides
overloads based on the functors passed to it. Note that this
functionality requires C++17 or newer.
* Breaking Changes:
+ AbslHashValue() no longer accepts C-style arrays as a parameter, caller need to wrap C-string literals in
absl::string_view.
+ absl::weak_equality and absl::strong_equality have been removed. The corresponding std types were removed
before C++20 was finalized
libixion was updated from version 0.18.1 to 0.19.0:
- C++ API:
* Added support for renaming sheets after they have been created.
- Formula interpreter:
* Added support for inline arrays.
liborcus was updated from version 0.18.1 to 0.19.2:
- Changes in version 0.19.2:
* Fixed a build issue with gcc 14 due to a missing include for std::find_if
and std::for_each.
* Fixed a segmentation fault with the orcus-test-xml-mapped test which
manifested on hppa hardware, as originally reported on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054376.
* Fixed a crash when loading a document that includes a style record
referencing an unnamed style record as its parent. In Excel-generated
documents, styles only reference named styles as their parents. But in
3rd-party generated documents, styles referencing unnamed styles as their
parents can occur.
* Fixed a crash when the document model returned a null pointer when a
reference resolver interface was requested.
- Changes in version 0.19.1:
* Implemented orcus::create_filter() which instantiates a filter object of
specified type. The returned object is of type
orcus::iface::import_filter.
* Moved test cases for format detection to the respective filter test files.
* Fixed a bug where the import filter did not set the formula grammer prior
to importing.
- Changes in version 0.19.0:
* Added support for allowing use of std::filesystem,
std::experimental::filesystem or boost::filesystem per build
configuration.
* Refactored styles import to use style indices returned by the document
model implementer rather than using the indices stored in the file. This
allows the implementer to aggregate some style records and re-use the same
index for records that are stored as different records in the original
file.
* Fixed a bug where column styles were not applied to the correct columns
when the starting column index was not 0.
* Overhauled the Gnumeric import filter to fix many bugs and support many
missing features relative to the other filters included in orcus. Most
notable mentions are:
+ cell styles
+ rich-text strings
+ named ranges
+ row heights and column widths
+ merged cells
* Added partial support for Apache Parquet import filter. This is still
heavily experimental.
zxcvbn:
- New RPM package zxcvbn implementation needed as dependency for Libreoffice
abseil-cpp-20240116.1-150500.13.3.5.src.rpm
openSUSE-Leap-Micro-5.5-2024-910
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-fixes).
- revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
- revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining "show" functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
kernel-rt-5.14.21-150500.13.38.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.38.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1139
Security update for ucode-intel
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel® SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ucode-intel-20240312-150200.38.1.src.rpm
ucode-intel-20240312-150200.38.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-943
Recommended update for suseconnect-ng
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issues:
- Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0
suseconnect-ng-1.8.0-150500.3.18.1.src.rpm
suseconnect-ng-1.8.0-150500.3.18.1.x86_64.rpm
suseconnect-ng-1.8.0-150500.3.18.1.s390x.rpm
suseconnect-ng-1.8.0-150500.3.18.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-973
Security update for tiff
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
libtiff5-4.0.9-150000.45.41.1.x86_64.rpm
tiff-4.0.9-150000.45.41.1.src.rpm
libtiff5-4.0.9-150000.45.41.1.s390x.rpm
libtiff5-4.0.9-150000.45.41.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1447
Security update for openCryptoki
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openCryptoki fixes the following issues:
Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)
* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes
- provide user(pkcs11) and group(pkcs11)
Upgrade to version 3.22 (jsc#PED-3361)
- CCA: Add support for the AES-XTS key type using CPACF protected keys
- p11sak: Add support for managing certificate objects
- p11sak: Add support for public sessions (no-login option)
- p11sak: Add support for logging in as SO (security Officer)
- p11sak: Add support for importing/exporting Edwards and Montgomery keys
- p11sak: Add support for importing of RSA-PSS keys and certificates
- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different
Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)
- EP11 and CCA: Support concurrent HSM master key changes
- CCA: protected-key option
- pkcsslotd: no longer run as root user and further hardening
- p11sak: Add support for additional key types (DH, DSA, generic secret)
- p11sak: Allow wildcards in label filter
- p11sak: Allow to specify hex value for CKA_ID attribute
- p11sak: Support sorting when listing keys
- p11sak: New commands: set-key-attr, copy-key to modify and copy keys
- p11sak: New commands: import-key, export-key to import and export keys
- Remove support for --disable-locks (transactional memory)
- Updates to harden against RSA timing attacks
- Bug fixes
openCryptoki-3.23.0-150500.3.3.13.s390x.rpm
openCryptoki-3.23.0-150500.3.3.13.src.rpm
openSUSE-Leap-Micro-5.5-2024-962
Recommended update for transactional-update
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for transactional-update fixes the following issue:
- Always use zypper of installed system [bsc#1221346]
dracut-transactional-update-4.1.7-150500.3.6.2.noarch.rpm
libtukit4-4.1.7-150500.3.6.2.x86_64.rpm
transactional-update-4.1.7-150500.3.6.2.src.rpm
transactional-update-4.1.7-150500.3.6.2.x86_64.rpm
transactional-update-zypp-config-4.1.7-150500.3.6.2.noarch.rpm
tukit-4.1.7-150500.3.6.2.x86_64.rpm
tukitd-4.1.7-150500.3.6.2.x86_64.rpm
libtukit4-4.1.7-150500.3.6.2.s390x.rpm
transactional-update-4.1.7-150500.3.6.2.s390x.rpm
tukit-4.1.7-150500.3.6.2.s390x.rpm
tukitd-4.1.7-150500.3.6.2.s390x.rpm
libtukit4-4.1.7-150500.3.6.2.aarch64.rpm
transactional-update-4.1.7-150500.3.6.2.aarch64.rpm
tukit-4.1.7-150500.3.6.2.aarch64.rpm
tukitd-4.1.7-150500.3.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2022
Recommended update for chrony
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for chrony fixes the following issues:
- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable
chrony-4.1-150400.21.5.7.src.rpm
chrony-4.1-150400.21.5.7.x86_64.rpm
chrony-pool-suse-4.1-150400.21.5.7.noarch.rpm
chrony-4.1-150400.21.5.7.s390x.rpm
chrony-4.1-150400.21.5.7.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1015
Recommended update for sed
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sed fixes the following issues:
- "sed -i" now creates temporary files with correct umask (bsc#1221218)
sed-4.4-150300.13.3.1.src.rpm
sed-4.4-150300.13.3.1.x86_64.rpm
sed-4.4-150300.13.3.1.s390x.rpm
sed-4.4-150300.13.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1487
Recommended update for aaa_base
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.s390x.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1010
Recommended update for perl-Bootloader
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for perl-Bootloader fixes the following issues:
- Log grub2-install errors correctly (bsc#1221470)
- Update to version 0.947
- Support old grub versions that used /usr/lib (bsc#1218842)
- Create EFI boot fallback directory if necessary
perl-Bootloader-0.947-150400.3.12.1.src.rpm
perl-Bootloader-0.947-150400.3.12.1.x86_64.rpm
perl-Bootloader-0.947-150400.3.12.1.s390x.rpm
perl-Bootloader-0.947-150400.3.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1103
Security update for qemu
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134).
- CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484).
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554).
- CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065).
The following non-security bug was fixed:
- Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
qemu-7.1.0-150500.49.12.1.src.rpm
qemu-7.1.0-150500.49.12.1.x86_64.rpm
qemu-accel-tcg-x86-7.1.0-150500.49.12.1.x86_64.rpm
qemu-audio-spice-7.1.0-150500.49.12.1.x86_64.rpm
qemu-block-curl-7.1.0-150500.49.12.1.x86_64.rpm
qemu-chardev-spice-7.1.0-150500.49.12.1.x86_64.rpm
qemu-guest-agent-7.1.0-150500.49.12.1.x86_64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.12.1.x86_64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.12.1.x86_64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.12.1.x86_64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.12.1.x86_64.rpm
qemu-ipxe-1.0.0+-150500.49.12.1.noarch.rpm
qemu-seabios-1.16.0_0_gd239552-150500.49.12.1.noarch.rpm
qemu-sgabios-8-150500.49.12.1.noarch.rpm
qemu-tools-7.1.0-150500.49.12.1.x86_64.rpm
qemu-ui-opengl-7.1.0-150500.49.12.1.x86_64.rpm
qemu-ui-spice-core-7.1.0-150500.49.12.1.x86_64.rpm
qemu-vgabios-1.16.0_0_gd239552-150500.49.12.1.noarch.rpm
qemu-x86-7.1.0-150500.49.12.1.x86_64.rpm
qemu-7.1.0-150500.49.12.1.s390x.rpm
qemu-audio-spice-7.1.0-150500.49.12.1.s390x.rpm
qemu-block-curl-7.1.0-150500.49.12.1.s390x.rpm
qemu-chardev-spice-7.1.0-150500.49.12.1.s390x.rpm
qemu-guest-agent-7.1.0-150500.49.12.1.s390x.rpm
qemu-hw-display-qxl-7.1.0-150500.49.12.1.s390x.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.12.1.s390x.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.12.1.s390x.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.12.1.s390x.rpm
qemu-s390x-7.1.0-150500.49.12.1.s390x.rpm
qemu-tools-7.1.0-150500.49.12.1.s390x.rpm
qemu-ui-opengl-7.1.0-150500.49.12.1.s390x.rpm
qemu-ui-spice-core-7.1.0-150500.49.12.1.s390x.rpm
qemu-7.1.0-150500.49.12.1.aarch64.rpm
qemu-arm-7.1.0-150500.49.12.1.aarch64.rpm
qemu-audio-spice-7.1.0-150500.49.12.1.aarch64.rpm
qemu-block-curl-7.1.0-150500.49.12.1.aarch64.rpm
qemu-chardev-spice-7.1.0-150500.49.12.1.aarch64.rpm
qemu-guest-agent-7.1.0-150500.49.12.1.aarch64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.12.1.aarch64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.12.1.aarch64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.12.1.aarch64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.12.1.aarch64.rpm
qemu-tools-7.1.0-150500.49.12.1.aarch64.rpm
qemu-ui-opengl-7.1.0-150500.49.12.1.aarch64.rpm
qemu-ui-spice-core-7.1.0-150500.49.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1146
Security update for podman
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
podman-4.8.3-150500.3.9.1.src.rpm
podman-4.8.3-150500.3.9.1.x86_64.rpm
podman-docker-4.8.3-150500.3.9.1.noarch.rpm
podman-remote-4.8.3-150500.3.9.1.x86_64.rpm
podmansh-4.8.3-150500.3.9.1.x86_64.rpm
podman-4.8.3-150500.3.9.1.s390x.rpm
podman-remote-4.8.3-150500.3.9.1.s390x.rpm
podmansh-4.8.3-150500.3.9.1.s390x.rpm
podman-4.8.3-150500.3.9.1.ppc64le.rpm
podman-remote-4.8.3-150500.3.9.1.ppc64le.rpm
podmansh-4.8.3-150500.3.9.1.ppc64le.rpm
podman-4.8.3-150500.3.9.1.aarch64.rpm
podman-remote-4.8.3-150500.3.9.1.aarch64.rpm
podmansh-4.8.3-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1081
Recommended update for dracut
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for dracut fixes the following issues:
- Update to version 055+suse.382.g80b55af2:
* Fix regression with multiple `rd.break=` options (bsc#1221675)
* Do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
* Correct shellcheck regression when parsing ccw args (bsc#1220485)
* Skip README for AMD microcode generation (bsc#1217083)
dracut-055+suse.382.g80b55af2-150500.3.18.1.src.rpm
dracut-055+suse.382.g80b55af2-150500.3.18.1.x86_64.rpm
dracut-fips-055+suse.382.g80b55af2-150500.3.18.1.x86_64.rpm
dracut-055+suse.382.g80b55af2-150500.3.18.1.s390x.rpm
dracut-fips-055+suse.382.g80b55af2-150500.3.18.1.s390x.rpm
dracut-055+suse.382.g80b55af2-150500.3.18.1.aarch64.rpm
dracut-fips-055+suse.382.g80b55af2-150500.3.18.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1326
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- Update to 550.67
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 550.67
kernel-firmware-nvidia-gspx-G06-550.67-150500.11.21.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.67-150500.11.21.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.67-150500.3.39.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-550.67_k5.14.21_150500.55.52-150500.3.39.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-550.67-150500.11.21.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.67_k5.14.21_150500.55.52-150500.3.39.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-984
Recommended update for runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for runc fixes the following issues:
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
This allows running 15 SP6 containers on older distributions.
runc-1.1.12-150000.64.1.src.rpm
runc-1.1.12-150000.64.1.x86_64.rpm
runc-1.1.12-150000.64.1.s390x.rpm
runc-1.1.12-150000.64.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-985
Recommended update for python-kiwi
critical
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Make sure temporary modifications to the zipl template and configuration file
are not effective in the later system (bsc#1221469)
- Differentiate between output and input console settings for grub terminal setup,
and run sanity checks on the provided values (bsc#1218095)
dracut-kiwi-lib-9.24.43-150100.3.71.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.71.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.71.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.71.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.71.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.71.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.71.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.71.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.71.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.71.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-997
Security update for krb5
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).
krb5-1.20.1-150500.3.6.1.src.rpm
krb5-1.20.1-150500.3.6.1.x86_64.rpm
krb5-1.20.1-150500.3.6.1.s390x.rpm
krb5-1.20.1-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1127
Recommended update for wicked
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- Fix fallback-lease drop in addrconf (bsc#1220996)
- Use upstream `nvme nbft show` (bsc#1221358)
- Hide secrets in debug log (bsc#1221194)
wicked-0.6.74-150500.3.18.1.src.rpm
wicked-0.6.74-150500.3.18.1.x86_64.rpm
wicked-service-0.6.74-150500.3.18.1.x86_64.rpm
wicked-0.6.74-150500.3.18.1.s390x.rpm
wicked-service-0.6.74-150500.3.18.1.s390x.rpm
wicked-0.6.74-150500.3.18.1.aarch64.rpm
wicked-service-0.6.74-150500.3.18.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1085
Recommended update for cloud-netconfig
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-netconfig fixes the following issues:
- Update to version 1.14
+ Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)
cloud-netconfig-azure-1.14-150000.25.23.1.noarch.rpm
cloud-netconfig-azure-1.14-150000.25.23.1.src.rpm
cloud-netconfig-ec2-1.14-150000.25.23.1.noarch.rpm
cloud-netconfig-ec2-1.14-150000.25.23.1.src.rpm
cloud-netconfig-gce-1.14-150000.25.23.1.noarch.rpm
cloud-netconfig-gce-1.14-150000.25.23.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1013
Recommended update for grub2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix memdisk becomes the default boot entry, fixes no graphic display device error in guest vnc console (bsc#1221779)
grub2-2.06-150500.29.22.2.src.rpm
grub2-2.06-150500.29.22.2.x86_64.rpm
grub2-i386-pc-2.06-150500.29.22.2.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.22.2.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.22.2.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.22.2.noarch.rpm
grub2-2.06-150500.29.22.2.s390x.rpm
grub2-s390x-emu-2.06-150500.29.22.2.s390x.rpm
grub2-2.06-150500.29.22.2.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.22.2.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1341
Recommended update for tftp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tftp fixes the following issue:
- Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520)
tftp-5.2-150000.5.6.2.src.rpm
tftp-5.2-150000.5.6.2.x86_64.rpm
tftp-5.2-150000.5.6.2.s390x.rpm
tftp-5.2-150000.5.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1333
Recommended update for samba
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for samba fixes the following issues:
- fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close() (bsc#1219937).
- Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431).
samba-4.17.12+git.462.df636292e62-150500.3.23.7.src.rpm
samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7.x86_64.rpm
samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7.s390x.rpm
samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1344
Recommended update for libzypp, zypper
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit propmpt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
libzypp-17.32.4-150400.3.61.1.src.rpm
True
libzypp-17.32.4-150400.3.61.1.x86_64.rpm
True
zypper-1.14.71-150400.3.45.2.src.rpm
True
zypper-1.14.71-150400.3.45.2.x86_64.rpm
True
zypper-needs-restarting-1.14.71-150400.3.45.2.noarch.rpm
True
libzypp-17.32.4-150400.3.61.1.s390x.rpm
True
zypper-1.14.71-150400.3.45.2.s390x.rpm
True
libzypp-17.32.4-150400.3.61.1.aarch64.rpm
True
zypper-1.14.71-150400.3.45.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1151
Security update for curl
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
curl-8.0.1-150400.5.44.1.src.rpm
curl-8.0.1-150400.5.44.1.x86_64.rpm
libcurl4-8.0.1-150400.5.44.1.x86_64.rpm
curl-8.0.1-150400.5.44.1.s390x.rpm
libcurl4-8.0.1-150400.5.44.1.s390x.rpm
curl-8.0.1-150400.5.44.1.aarch64.rpm
libcurl4-8.0.1-150400.5.44.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1253
Recommended update for gcc13
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
gcc13-13.2.1+git8285-150000.1.9.1.src.rpm
libgcc_s1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgcc_s1-13.2.1+git8285-150000.1.9.1.s390x.rpm
libstdc++6-13.2.1+git8285-150000.1.9.1.s390x.rpm
libgcc_s1-13.2.1+git8285-150000.1.9.1.aarch64.rpm
libstdc++6-13.2.1+git8285-150000.1.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1014
Security update for avahi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
avahi-0.8-150400.7.16.1.src.rpm
avahi-0.8-150400.7.16.1.x86_64.rpm
libavahi-client3-0.8-150400.7.16.1.x86_64.rpm
libavahi-common3-0.8-150400.7.16.1.x86_64.rpm
libavahi-core7-0.8-150400.7.16.1.x86_64.rpm
avahi-0.8-150400.7.16.1.s390x.rpm
libavahi-client3-0.8-150400.7.16.1.s390x.rpm
libavahi-common3-0.8-150400.7.16.1.s390x.rpm
libavahi-core7-0.8-150400.7.16.1.s390x.rpm
avahi-0.8-150400.7.16.1.aarch64.rpm
libavahi-client3-0.8-150400.7.16.1.aarch64.rpm
libavahi-common3-0.8-150400.7.16.1.aarch64.rpm
libavahi-core7-0.8-150400.7.16.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1231
Recommended update for glibc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glibc fixes the following issues:
- duplocale: protect use of global locale (bsc#1220441, BZ #23970)
glibc-2.31-150300.71.1.src.rpm
glibc-2.31-150300.71.1.x86_64.rpm
glibc-devel-2.31-150300.71.1.x86_64.rpm
glibc-locale-2.31-150300.71.1.x86_64.rpm
glibc-locale-base-2.31-150300.71.1.x86_64.rpm
glibc-2.31-150300.71.1.s390x.rpm
glibc-devel-2.31-150300.71.1.s390x.rpm
glibc-locale-2.31-150300.71.1.s390x.rpm
glibc-locale-base-2.31-150300.71.1.s390x.rpm
glibc-2.31-150300.71.1.aarch64.rpm
glibc-devel-2.31-150300.71.1.aarch64.rpm
glibc-locale-2.31-150300.71.1.aarch64.rpm
glibc-locale-base-2.31-150300.71.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1102
Security update for xen
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)
xen-4.17.3_08-150500.3.27.1.src.rpm
xen-libs-4.17.3_08-150500.3.27.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1080
Recommended update for xfsprogs-scrub
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xfsprogs-scrub fixes the following issues:
- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495)
xfsprogs-5.13.0-150400.3.5.1.src.rpm
xfsprogs-5.13.0-150400.3.5.1.x86_64.rpm
xfsprogs-5.13.0-150400.3.5.1.s390x.rpm
xfsprogs-5.13.0-150400.3.5.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1172
Security update for util-linux
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
libblkid1-2.37.4-150500.9.6.1.x86_64.rpm
libfdisk1-2.37.4-150500.9.6.1.x86_64.rpm
libmount1-2.37.4-150500.9.6.1.x86_64.rpm
libsmartcols1-2.37.4-150500.9.6.1.x86_64.rpm
libuuid1-2.37.4-150500.9.6.1.x86_64.rpm
util-linux-2.37.4-150500.9.6.1.src.rpm
util-linux-2.37.4-150500.9.6.1.x86_64.rpm
util-linux-systemd-2.37.4-150500.9.6.1.src.rpm
util-linux-systemd-2.37.4-150500.9.6.1.x86_64.rpm
libblkid1-2.37.4-150500.9.6.1.s390x.rpm
libfdisk1-2.37.4-150500.9.6.1.s390x.rpm
libmount1-2.37.4-150500.9.6.1.s390x.rpm
libsmartcols1-2.37.4-150500.9.6.1.s390x.rpm
libuuid1-2.37.4-150500.9.6.1.s390x.rpm
util-linux-2.37.4-150500.9.6.1.s390x.rpm
util-linux-systemd-2.37.4-150500.9.6.1.s390x.rpm
libblkid1-2.37.4-150500.9.6.1.aarch64.rpm
libfdisk1-2.37.4-150500.9.6.1.aarch64.rpm
libmount1-2.37.4-150500.9.6.1.aarch64.rpm
libsmartcols1-2.37.4-150500.9.6.1.aarch64.rpm
libuuid1-2.37.4-150500.9.6.1.aarch64.rpm
util-linux-2.37.4-150500.9.6.1.aarch64.rpm
util-linux-systemd-2.37.4-150500.9.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1671
Recommended update for open-vm-tools
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-vm-tools fixes the following issues:
- Remove protobuf less than v22 dependency from spec file (bsc#1217478)
- Use for updating open-vm-tools to new version (bsc#1222089)
- There are no new features in the current open-vm-tools release
This is primarily a maintenance release that addresses a few
critical problems
- Use %patch -P N instead of deprecated %patchN
- Own %{_modulesloaddir}: used to be present via udev-mini - kmod - suse-module-tools dependency before
- Fix outdated libxmlsec1 dependency version
Updates to open-vm-tools for SLES 12 SP4 and SP5 are now being built
againt against libxmlsec1-1-1.2.37. Update the spec file to now require
libxmlsec1-openssl1 v1.2.37 or above. (bsc#1217796)
- limit to protobuf less than v22 for now until build failures have been fixed
pam-vmtoolsd patch as instructed by vmware (bsc#1171003).
This should fix both (bsc#1171003) and (bsc#1172693)
- Update vmtoolsd.service to support cloud-init customization by default (bsc#994598)
- Enable vgauth for openSUSE Leap 42.1 (bsc#952645)
- Extensive rewrite of the spec file
- rename vmware-KMP to vmware-guest-KMP for easier identification
libvmtools0-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-12.4.0-150300.49.11.src.rpm
open-vm-tools-12.4.0-150300.49.11.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1192
Security update for less
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
less-590-150400.3.6.2.src.rpm
less-590-150400.3.6.2.x86_64.rpm
less-590-150400.3.6.2.s390x.rpm
less-590-150400.3.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1342
Recommended update for unixODBC, libtool and libssh2_org
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for unixODBC, libtool and libssh2_org fixes the following issue:
- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)
libltdl7-2.4.6-150000.3.6.2.x86_64.rpm
libssh2-1-1.11.0-150000.4.29.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.29.1.src.rpm
libtool-2.4.6-150000.3.6.2.src.rpm
libssh2-1-1.11.0-150000.4.29.1.s390x.rpm
libssh2-1-1.11.0-150000.4.29.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2666
Recommended update for trousers
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for trousers fixes the following issue:
- fix runtime requirements for stat and udevadm (bsc#1221770)
On minimal systems this can cause some scriptlets to fail because of missing tools.
trousers-0.3.15-150400.3.3.19.src.rpm
trousers-0.3.15-150400.3.3.19.x86_64.rpm
trousers-0.3.15-150400.3.3.19.s390x.rpm
trousers-0.3.15-150400.3.3.19.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1331
Recommended update for grub2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix LPAR falls into grub shell after installation with lvm (bsc#1221866)
grub2-2.06-150500.29.25.12.src.rpm
grub2-2.06-150500.29.25.12.x86_64.rpm
grub2-i386-pc-2.06-150500.29.25.12.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.25.12.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.25.12.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.25.12.noarch.rpm
grub2-2.06-150500.29.25.12.s390x.rpm
grub2-s390x-emu-2.06-150500.29.25.12.s390x.rpm
grub2-2.06-150500.29.25.12.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.25.12.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1201
Recommended update for xfsprogs-scrub and jctools
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xfsprogs-scrub fixes the following issues:
- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495)
- Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418)
xfsprogs-5.13.0-150400.3.7.1.src.rpm
xfsprogs-5.13.0-150400.3.7.1.x86_64.rpm
xfsprogs-5.13.0-150400.3.7.1.s390x.rpm
xfsprogs-5.13.0-150400.3.7.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1167
Security update for nghttp2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
libnghttp2-14-1.40.0-150200.17.1.x86_64.rpm
nghttp2-1.40.0-150200.17.1.src.rpm
libnghttp2-14-1.40.0-150200.17.1.s390x.rpm
libnghttp2-14-1.40.0-150200.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1206
Recommended update for rpm
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for rpm fixes the following issues:
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
python-rpm-4.14.3-150400.59.13.1.src.rpm
python3-rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-4.14.3-150400.59.13.1.src.rpm
rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-ndb-4.14.3-150400.59.13.1.src.rpm
rpm-ndb-4.14.3-150400.59.13.1.x86_64.rpm
python3-rpm-4.14.3-150400.59.13.1.s390x.rpm
rpm-4.14.3-150400.59.13.1.s390x.rpm
rpm-ndb-4.14.3-150400.59.13.1.s390x.rpm
python3-rpm-4.14.3-150400.59.13.1.aarch64.rpm
rpm-4.14.3-150400.59.13.1.aarch64.rpm
rpm-ndb-4.14.3-150400.59.13.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2176
Recommended update for grpc, libzypp, protobuf, python-grpcio. re2, zypper
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grpc, libzypp, protobuf, python-grpcio, re2, zypper fixes the following issues:
- rebuild packages using protobuf against newer protobuf and abseil-cpp libraries. (bsc#1222261)
abseil-cpp-20240116.1-150500.13.7.8.src.rpm
True
libabsl2401_0_0-20240116.1-150500.13.7.8.x86_64.rpm
True
libprotobuf-lite25_1_0-25.1-150500.12.2.2.x86_64.rpm
True
libzypp-17.34.1-150500.6.2.1.src.rpm
True
libzypp-17.34.1-150500.6.2.1.x86_64.rpm
True
protobuf-25.1-150500.12.2.2.src.rpm
True
zypper-1.14.73-150500.6.2.1.src.rpm
True
zypper-1.14.73-150500.6.2.1.x86_64.rpm
True
zypper-needs-restarting-1.14.73-150500.6.2.1.noarch.rpm
True
libabsl2401_0_0-20240116.1-150500.13.7.8.s390x.rpm
True
libprotobuf-lite25_1_0-25.1-150500.12.2.2.s390x.rpm
True
libzypp-17.34.1-150500.6.2.1.s390x.rpm
True
zypper-1.14.73-150500.6.2.1.s390x.rpm
True
libabsl2401_0_0-20240116.1-150500.13.7.8.ppc64le.rpm
True
libprotobuf-lite25_1_0-25.1-150500.12.2.2.ppc64le.rpm
True
libabsl2401_0_0-20240116.1-150500.13.7.8.aarch64.rpm
True
libprotobuf-lite25_1_0-25.1-150500.12.2.2.aarch64.rpm
True
libzypp-17.34.1-150500.6.2.1.aarch64.rpm
True
zypper-1.14.73-150500.6.2.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1158
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- rebuild against current security updates
- Install qemu-hw-usb-host to enable USB passthrough (bsc#1221538)
- Group together arch specific parts of the code
- Cleanup after writing config files with augtool
kubevirt-1.1.1-150500.8.12.1.src.rpm
kubevirt-manifests-1.1.1-150500.8.12.1.x86_64.rpm
kubevirt-virtctl-1.1.1-150500.8.12.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1157
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- rebuild against current security and bugfixes.
containerized-data-importer-1.58.0-150500.6.12.1.src.rpm
containerized-data-importer-manifests-1.58.0-150500.6.12.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1197
Recommended update for nvme-cli
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for nvme-cli fixes the following issues:
- Version update and nvme-netapp fix. Adding nspath tlv handling (bsc#1220971)
- Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768)
- Include nvme-cli updates for NetApp udev rule (bsc#1215994)
nvme-cli-2.4+32.g2e2531a-150500.4.15.3.src.rpm
nvme-cli-2.4+32.g2e2531a-150500.4.15.3.x86_64.rpm
nvme-cli-2.4+32.g2e2531a-150500.4.15.3.s390x.rpm
nvme-cli-2.4+32.g2e2531a-150500.4.15.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2416
Recommended update for llvm15
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for llvm15 fixes the following issue:
- Manage clang-cpp with update-alternatives like other binaries.
Solves upgrade issues from Leap 15.5 to 15.6 (bsc#1221183)
libLLVM15-15.0.7-150500.4.9.6.x86_64.rpm
llvm15-15.0.7-150500.4.9.6.src.rpm
libLLVM15-15.0.7-150500.4.9.6.s390x.rpm
libLLVM15-15.0.7-150500.4.9.6.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1371
Recommended update for python-kiwi
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Fixed Live ISO image (bsc#1213595):
Make sure to wait for the event queue to become empty after
the creation of the write partition. When kiwi calls the
code to create the write partition this emits new udev events.
It's important to wait for the event queue to become empty
to avoid a potential regression on the use of the device nodes.
In the processing of the events it can happen that a device
gets removed and re-added. If we don't want for udev
to process the entire queue it can happen that the
wrong block device is used. This wrong selection is only
possible because the way how hybrid ISOs are designed exposes
both, the disk and the partition for the root device with
the same label.
- Set the default output console to gfxterm for grub (bsc#1219074):
If no console setting is done in the image description for grub
the default output console is set to: gfxterm and the default
input console is set to: console.
- Use rsync defaults to sync the initrd root-tree (bsc#1207128, bsc#1221915)
This fix makes use of rsync default options to sync the root-tree of the boot image for custom initrds.
dracut-kiwi-lib-9.24.43-150100.3.76.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.76.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.76.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.76.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.76.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.76.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.76.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.76.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.76.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.76.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1398
Recommended update for systemd-default-settings
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for systemd-default-settings fixes the following issues:
- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP,
hence the early drop-ins SUSE specific "feature" has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones
systemd-default-settings-0.10-150300.3.7.1.noarch.rpm
systemd-default-settings-0.10-150300.3.7.1.src.rpm
systemd-default-settings-branding-SLE-Micro-0.10-150300.3.7.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1279
Recommended update for python3
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3 fixes the following issue:
- Fix syslog making default "ident" from sys.argv (bsc#1222109)
libpython3_6m1_0-3.6.15-150300.10.60.1.x86_64.rpm
python3-3.6.15-150300.10.60.1.src.rpm
python3-3.6.15-150300.10.60.1.x86_64.rpm
python3-base-3.6.15-150300.10.60.1.x86_64.rpm
python3-core-3.6.15-150300.10.60.1.src.rpm
libpython3_6m1_0-3.6.15-150300.10.60.1.s390x.rpm
python3-3.6.15-150300.10.60.1.s390x.rpm
python3-base-3.6.15-150300.10.60.1.s390x.rpm
libpython3_6m1_0-3.6.15-150300.10.60.1.aarch64.rpm
python3-3.6.15-150300.10.60.1.aarch64.rpm
python3-base-3.6.15-150300.10.60.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1480
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes)
- arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes)
- arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix va-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: initialize backlight_properties on init (git-fixes).
- backlight: lm3639: fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: correct gpl license name (git-fixes).
- bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant null check (git-fixes).
- clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: do not access trcidr1 for identification (bsc#1220775)
- coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775)
- coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during aer recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/readme.suse: update information about module support status (jsc#ped-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: add fams validation before trying to use it (git-fixes).
- drm/amd/display: add fb_damage_clips support (git-fixes).
- drm/amd/display: add function for validate and update new stream (git-fixes).
- drm/amd/display: add odm case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off odm before committing more streams (git-fixes).
- drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes).
- drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes).
- drm/amd/display: check if link state is valid (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: copy dc context in the commit streams (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes).
- drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes).
- drm/amd/display: enable new commit sequence only for dcn32x (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes).
- drm/amd/display: expand kernel doc for dc (git-fixes).
- drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: fix abm disablement (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: fix the delta clamping for shaper lut (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: guard against invalid rptr/wptr being set (git-fixes).
- drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes).
- drm/amd/display: handle range offsets in vrr ranges (stable-fixes).
- drm/amd/display: handle seamless boot stream (git-fixes).
- drm/amd/display: handle virtual hardware detect (git-fixes).
- drm/amd/display: include surface of unaffected streams (git-fixes).
- drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes).
- drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes).
- drm/amd/display: keep phy active for dp config (git-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes).
- drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes).
- drm/amd/display: return the correct hdcp error code (stable-fixes).
- drm/amd/display: revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: rework comments on dc file (git-fixes).
- drm/amd/display: rework context change check (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update correct dcn314 register header (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes).
- drm/amd/display: update otg instance in the commit stream (git-fixes).
- drm/amd/display: use dram speed from validation for dummy p-state (git-fixes).
- drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/display: use min transition for all subvp plane add/remove (git-fixes).
- drm/amd/display: write to correct dirty_rect (git-fixes).
- drm/amd/display: wrong colorimetry workaround (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/pm: fix error of maco flag setting code (git-fixes).
- drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes).
- drm/amd: enable pcie pme from d3 (git-fixes).
- drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes).
- drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes).
- drm/amdgpu: force order between a read and write to the same address (git-fixes).
- drm/amdgpu: lower cs errors to debug severity (git-fixes).
- drm/amdgpu: match against exact bootloader status (git-fixes).
- drm/amdgpu: unset context priority is now invalid (git-fixes).
- drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes).
- drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: add quirk for osvr hdk 2.0 (git-fixes).
- drm/etnaviv: restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes).
- drm/i915/gt: reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes).
- drm/i915: add missing ccs documentation (git-fixes).
- drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes).
- drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes).
- drm/msm/dpu: improve dsc allocation (git-fixes).
- drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant null check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: fix initial plane zpos values (git-fixes).
- drm/tidss: fix sync-lost issue with two displays (git-fixes).
- drm/ttm: do not leak a resource on eviction error (git-fixes).
- drm/ttm: do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes).
- drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices" (bsc#1220775)
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes).
- hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes).
- i2c: aspeed: fix the dummy irq expected print (git-fixes).
- i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: mark interrupt as managed (git-fixes).
- iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: fix forever loop in error handling (git-fixes).
- iommu/vt-d: allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: fix pasid directory pointer coherency (git-fixes).
- iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes).
- kabi: pci: add locking to rmw pci express capability register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit).
- leds: aw2013: unlock mutex before destroying it (git-fixes).
- lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes).
- make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes).
- md: do not ignore suspended array in md_check_recovery() (git-fixes).
- md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- md: make sure md_do_sync() will set md_recovery_done (git-fixes).
- md: whenassemble the array, consult the superblock of the freshest device (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant null check (git-fixes).
- media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: fix chroma difference threshold (git-fixes).
- media: sun8i-di: fix coefficient writes (git-fixes).
- media: sun8i-di: fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: fix printing of stack records (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm,page_owner: fix refcount imbalance (bsc#1222366).
- mm,page_owner: update metadata for tail pages (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: avoid negative index with array access (git-fixes).
- mmc: core: fix switch on gp3 partition (git-fixes).
- mmc: core: initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime pm count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: fix rx dma datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using rcu properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: remove duplicate assignment (git-fixes)
- rdma/mana_ib: fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes)
- rdma/mlx5: relax devx access upon modify commands (git-fixes)
- rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert "drm/amd: disable psr-su on parade 0803 tcon" (git-fixes).
- revert "drm/amd: disable s/g for apus when 64gb or more host memory" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for dcn 2.0" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for dcn 2.1" (git-fixes).
- revert "drm/vc4: hdmi: enforce the minimum rate at runtime_resume" (git-fixes).
- revert "fbdev: flush deferred io before closing (git-fixes)." (bsc#1221814)
- revert "pci: tegra194: enable support for 256 byte payload" (git-fixes).
- revert "revert "drm/amdgpu/display: change pipe policy for dcn 2.0"" (git-fixes).
- revert "sunrpc dont update timeout value on connection reset" (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: add an is_err() check back to where it was (git-fixes).
- sunrpc: econnreset might require a rebind (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix a suspicious rcu usage warning (git-fixes).
- sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
kernel-default-5.14.21-150500.55.59.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.59.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7.src.rpm
True
kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7.x86_64.rpm
True
kernel-default-5.14.21-150500.55.59.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.59.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1271
Security update for gnutls
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread (bsc#1221242)
gnutls-3.7.3-150400.4.44.1.src.rpm
gnutls-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.44.1.x86_64.rpm
gnutls-3.7.3-150400.4.44.1.s390x.rpm
libgnutls30-3.7.3-150400.4.44.1.s390x.rpm
libgnutls30-hmac-3.7.3-150400.4.44.1.s390x.rpm
gnutls-3.7.3-150400.4.44.1.aarch64.rpm
libgnutls30-3.7.3-150400.4.44.1.aarch64.rpm
libgnutls30-hmac-3.7.3-150400.4.44.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1255
Recommended update for s390-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for s390-tools fixes the following issue:
- Applied patches to implement new IBM host-key subject locality (bsc#1222414)
s390-tools-2.30.0-150500.9.13.1.src.rpm
s390-tools-2.30.0-150500.9.13.1.x86_64.rpm
libekmfweb1-2.30.0-150500.9.13.1.s390x.rpm
libkmipclient1-2.30.0-150500.9.13.1.s390x.rpm
s390-tools-2.30.0-150500.9.13.1.s390x.rpm
openSUSE-Leap-Micro-5.5-2024-1336
Recommended update for wicked
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- Do not convert sec to msec twice (bsc#1222105)
wicked-0.6.74-150500.3.21.1.src.rpm
wicked-0.6.74-150500.3.21.1.x86_64.rpm
wicked-service-0.6.74-150500.3.21.1.x86_64.rpm
wicked-0.6.74-150500.3.21.1.s390x.rpm
wicked-service-0.6.74-150500.3.21.1.s390x.rpm
wicked-0.6.74-150500.3.21.1.aarch64.rpm
wicked-service-0.6.74-150500.3.21.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1366
Recommended update for openssh
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssh fixes the following issues:
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto devices nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)
- Change the default value of UpdateHostKeys to Yes (unless
VerifyHostKeyDNS is enabled).
This makes ssh update the known_hosts stored keys with all published
versions by the server (after it's authenticated with an existing
key), which will allow to identify the server with a different key if
the existing key is considered insecure at some point in the future
(bsc#1222831).
openssh-8.4p1-150300.3.37.1.src.rpm
openssh-8.4p1-150300.3.37.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.37.1.x86_64.rpm
openssh-common-8.4p1-150300.3.37.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.37.1.x86_64.rpm
openssh-server-8.4p1-150300.3.37.1.x86_64.rpm
openssh-8.4p1-150300.3.37.1.s390x.rpm
openssh-clients-8.4p1-150300.3.37.1.s390x.rpm
openssh-common-8.4p1-150300.3.37.1.s390x.rpm
openssh-fips-8.4p1-150300.3.37.1.s390x.rpm
openssh-server-8.4p1-150300.3.37.1.s390x.rpm
openssh-8.4p1-150300.3.37.1.aarch64.rpm
openssh-clients-8.4p1-150300.3.37.1.aarch64.rpm
openssh-common-8.4p1-150300.3.37.1.aarch64.rpm
openssh-fips-8.4p1-150300.3.37.1.aarch64.rpm
openssh-server-8.4p1-150300.3.37.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1295
Security update for xen
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.17.4 (bsc#1027519)
xen-4.17.4_02-150500.3.30.1.src.rpm
True
xen-libs-4.17.4_02-150500.3.30.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1566
Recommended update for catatonit
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for catatonit fixes the following issues:
- Update to catatonit v0.2.0
- Change license to GPL-2.0-or-later
catatonit-0.2.0-150500.3.3.1.src.rpm
catatonit-0.2.0-150500.3.3.1.x86_64.rpm
catatonit-0.2.0-150500.3.3.1.s390x.rpm
catatonit-0.2.0-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1322
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel mitigation, which led to incorrect selection of other CPU mitigations.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix VA-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: Correct GPL license name (git-fixes).
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during AER recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
- drm/amd/display: Add function for validate and update new stream (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm/amd/display: Copy DC context in the commit streams (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes).
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
- drm/amd/display: Return the correct HDCP error code (stable-fixes).
- drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes).
- drm/amd/display: Update OTG instance in the commit stream (git-fixes).
- drm/amd/display: Update correct DCN314 register header (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
- drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off ODM before committing more streams (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes).
- drm/amdgpu: Force order between a read and write to the same address (git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes).
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/ttm: Do not leak a resource on eviction error (git-fixes).
- drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices" (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes).
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: Mark interrupt as managed (git-fixes).
- iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
- kabi: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes).
- make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes).
- md: Do not ignore suspended array in md_check_recovery() (git-fixes).
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
- md: Whenassemble the array, consult the superblock of the freshest device (git-fixes).
- md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: Fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: Remove duplicate assignment (git-fixes)
- rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes)
- rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
- rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert "PCI: tegra194: Enable support for 256 Byte payload" (git-fixes).
- revert "Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"" (git-fixes).
- revert "SUNRPC dont update timeout value on connection reset" (git-fixes).
- revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" (git-fixes).
- revert "drm/amd: Disable S/G for APUs when 64GB or more host memory" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for DCN 2.0" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for DCN 2.1" (git-fixes).
- revert "drm/vc4: hdmi: Enforce the minimum rate at runtime_resume" (git-fixes).
- revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
- sunrpc: ECONNRESET might require a rebind (git-fixes).
- sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: Fix a suspicious RCU usage warning (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
kernel-rt-5.14.21-150500.13.43.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.43.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1311
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Improve the OrdinalPodInterfaceName mechanism (bsc#1222699)
Also containers were rebuilt against the current released updates.
kubevirt-1.1.1-150500.8.15.1.src.rpm
kubevirt-manifests-1.1.1-150500.8.15.1.x86_64.rpm
kubevirt-virtctl-1.1.1-150500.8.15.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1429
Recommended update for ca-certificates
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
* Use flock to serialize calls (bsc#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
ca-certificates-2+git20240416.98ae794-150300.4.3.3.noarch.rpm
ca-certificates-2+git20240416.98ae794-150300.4.3.3.src.rpm
openSUSE-Leap-Micro-5.5-2024-1402
Security update for opensc
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
opensc-0.22.0-150400.3.9.1.src.rpm
opensc-0.22.0-150400.3.9.1.x86_64.rpm
opensc-0.22.0-150400.3.9.1.s390x.rpm
opensc-0.22.0-150400.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1848
Recommended update for supportutils
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for supportutils fixes the following issues:
- Suppress file descriptor leak warnings from lvm commands (bsc#1220082)
- Add -V key:value pair option (bsc#1222021, PED-8211)
- Avoid getting duplicate kernel verifications in boot.text
- Include container log timestamps
supportutils-3.1.30-150300.7.35.30.1.noarch.rpm
supportutils-3.1.30-150300.7.35.30.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-1529
Recommended update for salt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml" files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuiteand python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
python3-salt-3006.0-150500.4.32.2.x86_64.rpm
True
salt-3006.0-150500.4.32.2.src.rpm
True
salt-3006.0-150500.4.32.2.x86_64.rpm
True
salt-minion-3006.0-150500.4.32.2.x86_64.rpm
True
salt-transactional-update-3006.0-150500.4.32.2.x86_64.rpm
True
python3-salt-3006.0-150500.4.32.2.s390x.rpm
True
salt-3006.0-150500.4.32.2.s390x.rpm
True
salt-minion-3006.0-150500.4.32.2.s390x.rpm
True
salt-transactional-update-3006.0-150500.4.32.2.s390x.rpm
True
python3-salt-3006.0-150500.4.32.2.aarch64.rpm
True
salt-3006.0-150500.4.32.2.aarch64.rpm
True
salt-minion-3006.0-150500.4.32.2.aarch64.rpm
True
salt-transactional-update-3006.0-150500.4.32.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1612
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- Update to 550.78 (bsc#1223454)
- Update to 550.76 (bsc#1222972)
- update firmware to version 550.76 (bsc#1222972)
Changes in nvidia-open-driver-G06-signed:
- Update to 550.78 (bsc#1223454)
- Update to 550.76 (bsc#1222972)
kernel-firmware-nvidia-gspx-G06-550.78-150500.11.26.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.78-150500.11.26.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.78-150500.3.44.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-550.78_k5.14.21_150500.55.52-150500.3.44.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-550.78-150500.11.26.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.78_k5.14.21_150500.55.52-150500.3.44.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1375
Security update for glibc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
glibc-2.31-150300.74.1.src.rpm
glibc-2.31-150300.74.1.x86_64.rpm
glibc-devel-2.31-150300.74.1.x86_64.rpm
glibc-locale-2.31-150300.74.1.x86_64.rpm
glibc-locale-base-2.31-150300.74.1.x86_64.rpm
glibc-2.31-150300.74.1.s390x.rpm
glibc-devel-2.31-150300.74.1.s390x.rpm
glibc-locale-2.31-150300.74.1.s390x.rpm
glibc-locale-base-2.31-150300.74.1.s390x.rpm
glibc-2.31-150300.74.1.aarch64.rpm
glibc-devel-2.31-150300.74.1.aarch64.rpm
glibc-locale-2.31-150300.74.1.aarch64.rpm
glibc-locale-base-2.31-150300.74.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1438
Security update for qemu
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843)
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
qemu-7.1.0-150500.49.15.1.src.rpm
qemu-7.1.0-150500.49.15.1.x86_64.rpm
qemu-accel-tcg-x86-7.1.0-150500.49.15.1.x86_64.rpm
qemu-audio-spice-7.1.0-150500.49.15.1.x86_64.rpm
qemu-block-curl-7.1.0-150500.49.15.1.x86_64.rpm
qemu-chardev-spice-7.1.0-150500.49.15.1.x86_64.rpm
qemu-guest-agent-7.1.0-150500.49.15.1.x86_64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.15.1.x86_64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.15.1.x86_64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.15.1.x86_64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.15.1.x86_64.rpm
qemu-ipxe-1.0.0+-150500.49.15.1.noarch.rpm
qemu-seabios-1.16.0_0_gd239552-150500.49.15.1.noarch.rpm
qemu-sgabios-8-150500.49.15.1.noarch.rpm
qemu-tools-7.1.0-150500.49.15.1.x86_64.rpm
qemu-ui-opengl-7.1.0-150500.49.15.1.x86_64.rpm
qemu-ui-spice-core-7.1.0-150500.49.15.1.x86_64.rpm
qemu-vgabios-1.16.0_0_gd239552-150500.49.15.1.noarch.rpm
qemu-x86-7.1.0-150500.49.15.1.x86_64.rpm
qemu-7.1.0-150500.49.15.1.s390x.rpm
qemu-audio-spice-7.1.0-150500.49.15.1.s390x.rpm
qemu-block-curl-7.1.0-150500.49.15.1.s390x.rpm
qemu-chardev-spice-7.1.0-150500.49.15.1.s390x.rpm
qemu-guest-agent-7.1.0-150500.49.15.1.s390x.rpm
qemu-hw-display-qxl-7.1.0-150500.49.15.1.s390x.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.15.1.s390x.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.15.1.s390x.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.15.1.s390x.rpm
qemu-s390x-7.1.0-150500.49.15.1.s390x.rpm
qemu-tools-7.1.0-150500.49.15.1.s390x.rpm
qemu-ui-opengl-7.1.0-150500.49.15.1.s390x.rpm
qemu-ui-spice-core-7.1.0-150500.49.15.1.s390x.rpm
qemu-7.1.0-150500.49.15.1.aarch64.rpm
qemu-arm-7.1.0-150500.49.15.1.aarch64.rpm
qemu-audio-spice-7.1.0-150500.49.15.1.aarch64.rpm
qemu-block-curl-7.1.0-150500.49.15.1.aarch64.rpm
qemu-chardev-spice-7.1.0-150500.49.15.1.aarch64.rpm
qemu-guest-agent-7.1.0-150500.49.15.1.aarch64.rpm
qemu-hw-display-qxl-7.1.0-150500.49.15.1.aarch64.rpm
qemu-hw-display-virtio-gpu-7.1.0-150500.49.15.1.aarch64.rpm
qemu-hw-display-virtio-vga-7.1.0-150500.49.15.1.aarch64.rpm
qemu-hw-usb-redirect-7.1.0-150500.49.15.1.aarch64.rpm
qemu-tools-7.1.0-150500.49.15.1.aarch64.rpm
qemu-ui-opengl-7.1.0-150500.49.15.1.aarch64.rpm
qemu-ui-spice-core-7.1.0-150500.49.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1466
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel mitigation, which led to incorrect selection of other CPU mitigations.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix VA-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: Correct GPL license name (git-fixes).
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during AER recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
- drm/amd/display: Add function for validate and update new stream (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm/amd/display: Copy DC context in the commit streams (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes).
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
- drm/amd/display: Return the correct HDCP error code (stable-fixes).
- drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes).
- drm/amd/display: Update OTG instance in the commit stream (git-fixes).
- drm/amd/display: Update correct DCN314 register header (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
- drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off ODM before committing more streams (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes).
- drm/amdgpu: Force order between a read and write to the same address (git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes).
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/ttm: Do not leak a resource on eviction error (git-fixes).
- drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices" (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes).
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: Mark interrupt as managed (git-fixes).
- iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
- kabi: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes).
- make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes).
- md: Do not ignore suspended array in md_check_recovery() (git-fixes).
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
- md: Whenassemble the array, consult the superblock of the freshest device (git-fixes).
- md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: Fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: Remove duplicate assignment (git-fixes)
- rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes)
- rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
- rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert "PCI: tegra194: Enable support for 256 Byte payload" (git-fixes).
- revert "Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"" (git-fixes).
- revert "SUNRPC dont update timeout value on connection reset" (git-fixes).
- revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" (git-fixes).
- revert "drm/amd: Disable S/G for APUs when 64GB or more host memory" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for DCN 2.0" (git-fixes).
- revert "drm/amdgpu/display: change pipe policy for DCN 2.1" (git-fixes).
- revert "drm/vc4: hdmi: Enforce the minimum rate at runtime_resume" (git-fixes).
- revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
- sunrpc: ECONNRESET might require a rebind (git-fixes).
- sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: Fix a suspicious RCU usage warning (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
kernel-rt-5.14.21-150500.13.47.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.47.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1471
Recommended update for libzypp
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libzypp fixes the following issues:
- Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)
libzypp-17.32.5-150400.3.64.1.src.rpm
True
libzypp-17.32.5-150400.3.64.1.x86_64.rpm
True
libzypp-17.32.5-150400.3.64.1.s390x.rpm
True
libzypp-17.32.5-150400.3.64.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1458
Recommended update for vim
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for vim fixes the following issues:
- Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763)
vim-9.1.0330-150500.20.12.1.src.rpm
vim-data-common-9.1.0330-150500.20.12.1.noarch.rpm
vim-small-9.1.0330-150500.20.12.1.x86_64.rpm
vim-small-9.1.0330-150500.20.12.1.s390x.rpm
vim-small-9.1.0330-150500.20.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1439
Security update for python-idna
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
python-idna-2.6-150000.3.3.1.src.rpm
python3-idna-2.6-150000.3.3.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1474
Recommended update for cups
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cups fixes the following issues:
- Fix occasional stuck on poll() loop (bsc#1217119)
cups-2.2.7-150000.3.54.1.src.rpm
cups-config-2.2.7-150000.3.54.1.x86_64.rpm
libcups2-2.2.7-150000.3.54.1.x86_64.rpm
cups-config-2.2.7-150000.3.54.1.s390x.rpm
libcups2-2.2.7-150000.3.54.1.s390x.rpm
cups-config-2.2.7-150000.3.54.1.aarch64.rpm
libcups2-2.2.7-150000.3.54.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1415
Security update for cockpit-wicked
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cockpit-wicked fixes the following issues:
- CVE-2023-26364: Fixed denial of service due to improper input validation during CSS parsing (bsc#1217325)
Other fixes:
- Update to version 5~git8.c06c55b.
cockpit-wicked-5~git8.c06c55b-150500.3.3.1.noarch.rpm
cockpit-wicked-5~git8.c06c55b-150500.3.3.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-2801
Security update for docker
critical
SUSE Updates openSUSE-Leap-Micro 5.5
RETRACTED: This update for docker fixes the following issues:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-25.0.6_ce-150000.203.1.src.rpm
docker-25.0.6_ce-150000.203.1.x86_64.rpm
docker-25.0.6_ce-150000.203.1.s390x.rpm
docker-25.0.6_ce-150000.203.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1557
Security update for rpm
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
python-rpm-4.14.3-150400.59.16.1.src.rpm
python3-rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-4.14.3-150400.59.16.1.src.rpm
rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-ndb-4.14.3-150400.59.16.1.src.rpm
rpm-ndb-4.14.3-150400.59.16.1.x86_64.rpm
python3-rpm-4.14.3-150400.59.16.1.s390x.rpm
rpm-4.14.3-150400.59.16.1.s390x.rpm
rpm-ndb-4.14.3-150400.59.16.1.s390x.rpm
python3-rpm-4.14.3-150400.59.16.1.aarch64.rpm
rpm-4.14.3-150400.59.16.1.aarch64.rpm
rpm-ndb-4.14.3-150400.59.16.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1637
Recommended update for google-cloud SDK
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
libprotobuf-lite25_1_0-25.1-150400.9.6.1.x86_64.rpm
protobuf-25.1-150400.9.6.1.src.rpm
libprotobuf-lite25_1_0-25.1-150400.9.6.1.s390x.rpm
libprotobuf-lite25_1_0-25.1-150400.9.6.1.ppc64le.rpm
libprotobuf-lite25_1_0-25.1-150400.9.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1497
Security update for skopeo
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for skopeo fixes the following issues:
- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)
- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
- Bump go version to 1.21 (bsc#1215611)
- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev
- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
skopeo-1.14.2-150300.11.8.1.src.rpm
skopeo-1.14.2-150300.11.8.1.x86_64.rpm
skopeo-1.14.2-150300.11.8.1.s390x.rpm
skopeo-1.14.2-150300.11.8.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1579
Security update for sssd
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
libsss_certmap0-2.5.2-150500.10.17.1.x86_64.rpm
libsss_idmap0-2.5.2-150500.10.17.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150500.10.17.1.x86_64.rpm
sssd-2.5.2-150500.10.17.1.src.rpm
sssd-2.5.2-150500.10.17.1.x86_64.rpm
sssd-common-2.5.2-150500.10.17.1.x86_64.rpm
sssd-krb5-common-2.5.2-150500.10.17.1.x86_64.rpm
sssd-ldap-2.5.2-150500.10.17.1.x86_64.rpm
libsss_certmap0-2.5.2-150500.10.17.1.s390x.rpm
libsss_idmap0-2.5.2-150500.10.17.1.s390x.rpm
libsss_nss_idmap0-2.5.2-150500.10.17.1.s390x.rpm
sssd-2.5.2-150500.10.17.1.s390x.rpm
sssd-common-2.5.2-150500.10.17.1.s390x.rpm
sssd-krb5-common-2.5.2-150500.10.17.1.s390x.rpm
sssd-ldap-2.5.2-150500.10.17.1.s390x.rpm
libsss_certmap0-2.5.2-150500.10.17.1.aarch64.rpm
libsss_idmap0-2.5.2-150500.10.17.1.aarch64.rpm
libsss_nss_idmap0-2.5.2-150500.10.17.1.aarch64.rpm
sssd-2.5.2-150500.10.17.1.aarch64.rpm
sssd-common-2.5.2-150500.10.17.1.aarch64.rpm
sssd-krb5-common-2.5.2-150500.10.17.1.aarch64.rpm
sssd-ldap-2.5.2-150500.10.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1598
Security update for less
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
less-590-150400.3.9.1.src.rpm
less-590-150400.3.9.1.x86_64.rpm
less-590-150400.3.9.1.s390x.rpm
less-590-150400.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1895
Security update for glibc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
glibc-2.31-150300.83.1.src.rpm
glibc-2.31-150300.83.1.x86_64.rpm
glibc-devel-2.31-150300.83.1.x86_64.rpm
glibc-locale-2.31-150300.83.1.x86_64.rpm
glibc-locale-base-2.31-150300.83.1.x86_64.rpm
glibc-2.31-150300.83.1.s390x.rpm
glibc-devel-2.31-150300.83.1.s390x.rpm
glibc-locale-2.31-150300.83.1.s390x.rpm
glibc-locale-base-2.31-150300.83.1.s390x.rpm
glibc-2.31-150300.83.1.aarch64.rpm
glibc-devel-2.31-150300.83.1.aarch64.rpm
glibc-locale-2.31-150300.83.1.aarch64.rpm
glibc-locale-base-2.31-150300.83.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1876
Recommended update for aaa_base
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.s390x.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-33664
Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format
libsolv-0.7.29-150400.3.22.4.src.rpm
True
libsolv-tools-0.7.29-150400.3.22.4.x86_64.rpm
True
libsolv-tools-base-0.7.29-150400.3.22.4.x86_64.rpm
True
libzypp-17.34.1-150400.3.71.7.src.rpm
True
libzypp-17.34.1-150400.3.71.7.x86_64.rpm
True
zypper-1.14.73-150400.3.50.10.src.rpm
True
zypper-1.14.73-150400.3.50.10.x86_64.rpm
True
zypper-needs-restarting-1.14.73-150400.3.50.10.noarch.rpm
True
libsolv-tools-0.7.29-150400.3.22.4.s390x.rpm
True
libsolv-tools-base-0.7.29-150400.3.22.4.s390x.rpm
True
libzypp-17.34.1-150400.3.71.7.s390x.rpm
True
zypper-1.14.73-150400.3.50.10.s390x.rpm
True
libsolv-tools-base-0.7.29-150400.3.22.4.ppc64le.rpm
True
libsolv-tools-0.7.29-150400.3.22.4.aarch64.rpm
True
libsolv-tools-base-0.7.29-150400.3.22.4.aarch64.rpm
True
libzypp-17.34.1-150400.3.71.7.aarch64.rpm
True
zypper-1.14.73-150400.3.50.10.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1636
Security update for tpm2.0-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
tpm2.0-tools-5.2-150400.6.3.1.src.rpm
tpm2.0-tools-5.2-150400.6.3.1.x86_64.rpm
tpm2.0-tools-5.2-150400.6.3.1.s390x.rpm
tpm2.0-tools-5.2-150400.6.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1635
Security update for tpm2-0-tss
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
libtss2-esys0-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-fapi1-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-mu0-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-rc0-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-sys1-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-tcti-device0-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-tctildr0-3.1.0-150400.3.6.1.x86_64.rpm
tpm2-0-tss-3.1.0-150400.3.6.1.src.rpm
tpm2-0-tss-3.1.0-150400.3.6.1.x86_64.rpm
libtss2-esys0-3.1.0-150400.3.6.1.s390x.rpm
libtss2-fapi1-3.1.0-150400.3.6.1.s390x.rpm
libtss2-mu0-3.1.0-150400.3.6.1.s390x.rpm
libtss2-rc0-3.1.0-150400.3.6.1.s390x.rpm
libtss2-sys1-3.1.0-150400.3.6.1.s390x.rpm
libtss2-tcti-device0-3.1.0-150400.3.6.1.s390x.rpm
libtss2-tctildr0-3.1.0-150400.3.6.1.s390x.rpm
tpm2-0-tss-3.1.0-150400.3.6.1.s390x.rpm
libtss2-esys0-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-fapi1-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-mu0-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-rc0-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-sys1-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-tcti-device0-3.1.0-150400.3.6.1.aarch64.rpm
libtss2-tctildr0-3.1.0-150400.3.6.1.aarch64.rpm
tpm2-0-tss-3.1.0-150400.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1665
Recommended update for coreutils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
coreutils-8.32-150400.9.6.1.src.rpm
coreutils-8.32-150400.9.6.1.x86_64.rpm
coreutils-8.32-150400.9.6.1.s390x.rpm
coreutils-8.32-150400.9.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1576
Recommended update for yast2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for yast2 fixes the following issue:
- Properly close nested progress callbacks (bsc#1223281)
yast2-4.5.27-150500.3.6.2.src.rpm
yast2-logs-4.5.27-150500.3.6.2.x86_64.rpm
yast2-logs-4.5.27-150500.3.6.2.s390x.rpm
yast2-logs-4.5.27-150500.3.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1808
Security update for openssl-1_1
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
libopenssl-1_1-devel-1.1.1l-150500.17.28.2.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.28.2.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.28.2.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.28.2.src.rpm
openssl-1_1-1.1.1l-150500.17.28.2.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.28.2.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.28.2.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.28.2.s390x.rpm
openssl-1_1-1.1.1l-150500.17.28.2.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.28.2.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.28.2.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.28.2.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.28.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1602
Recommended update for salt
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
- Make "man" a recommended package instead of required to fix installation issues with SLE Micro
python3-salt-3006.0-150500.4.35.1.x86_64.rpm
True
salt-3006.0-150500.4.35.1.src.rpm
True
salt-3006.0-150500.4.35.1.x86_64.rpm
True
salt-minion-3006.0-150500.4.35.1.x86_64.rpm
True
salt-transactional-update-3006.0-150500.4.35.1.x86_64.rpm
True
python3-salt-3006.0-150500.4.35.1.s390x.rpm
True
salt-3006.0-150500.4.35.1.s390x.rpm
True
salt-minion-3006.0-150500.4.35.1.s390x.rpm
True
salt-transactional-update-3006.0-150500.4.35.1.s390x.rpm
True
python3-salt-3006.0-150500.4.35.1.aarch64.rpm
True
salt-3006.0-150500.4.35.1.aarch64.rpm
True
salt-minion-3006.0-150500.4.35.1.aarch64.rpm
True
salt-transactional-update-3006.0-150500.4.35.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1659
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" (stable-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
- Revert "usb: cdc-wdm: close race between read and workqueue" (git-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
- dm-verity, dm-crypt: align "struct bvec_iter" correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
kernel-default-5.14.21-150500.55.62.2.nosrc.rpm
True
kernel-default-5.14.21-150500.55.62.2.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2.src.rpm
True
kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2.x86_64.rpm
True
kernel-default-5.14.21-150500.55.62.2.s390x.rpm
True
kernel-default-5.14.21-150500.55.62.2.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.62.2.150500.6.27.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1828
Recommended update for wicked
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100)
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
wicked-0.6.75-150500.3.26.1.src.rpm
wicked-0.6.75-150500.3.26.1.x86_64.rpm
wicked-service-0.6.75-150500.3.26.1.x86_64.rpm
wicked-0.6.75-150500.3.26.1.s390x.rpm
wicked-service-0.6.75-150500.3.26.1.s390x.rpm
wicked-0.6.75-150500.3.26.1.aarch64.rpm
wicked-service-0.6.75-150500.3.26.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1660
Recommended update for pam_pkcs11
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for pam_pkcs11 fixes the following issue:
- Fix 0001-Set-slot_num-configuration-parameter-to-0-by-default (bsc#1221255)
pam_pkcs11-0.6.10-150100.3.3.2.src.rpm
pam_pkcs11-0.6.10-150100.3.3.2.x86_64.rpm
pam_pkcs11-0.6.10-150100.3.3.2.s390x.rpm
pam_pkcs11-0.6.10-150100.3.3.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1704
Security update for cairo
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
cairo-1.16.0-150400.11.3.1.src.rpm
libcairo-gobject2-1.16.0-150400.11.3.1.x86_64.rpm
libcairo2-1.16.0-150400.11.3.1.x86_64.rpm
libcairo-gobject2-1.16.0-150400.11.3.1.s390x.rpm
libcairo2-1.16.0-150400.11.3.1.s390x.rpm
libcairo-gobject2-1.16.0-150400.11.3.1.aarch64.rpm
libcairo2-1.16.0-150400.11.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1762
Security update for perl
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
perl-5.26.1-150300.17.17.1.src.rpm
perl-5.26.1-150300.17.17.1.x86_64.rpm
perl-base-5.26.1-150300.17.17.1.x86_64.rpm
perl-5.26.1-150300.17.17.1.s390x.rpm
perl-base-5.26.1-150300.17.17.1.s390x.rpm
perl-5.26.1-150300.17.17.1.aarch64.rpm
perl-base-5.26.1-150300.17.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1663
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- README.BRANCH: Correct email address for Petr Tesarik
- README.BRANCH: Remove copy of branch name
- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" (stable-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
- Revert "usb: cdc-wdm: close race between read and workqueue" (git-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
- dm-verity, dm-crypt: align "struct bvec_iter" correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
- iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
kernel-rt-5.14.21-150500.13.52.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.52.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1797
Recommended update for ipset
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ipset fixes the following issue:
- Fix build with latest kernel (bsc#1223370)
ipset-7.15-150400.12.6.4.src.rpm
ipset-7.15-150400.12.6.4.x86_64.rpm
libipset13-7.15-150400.12.6.4.x86_64.rpm
ipset-7.15-150400.12.6.4.s390x.rpm
libipset13-7.15-150400.12.6.4.s390x.rpm
ipset-7.15-150400.12.6.4.aarch64.rpm
libipset13-7.15-150400.12.6.4.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1799
Recommended update for suseconnect-ng
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issue:
- Version update
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
* Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
suseconnect-ng-1.9.0-150500.3.21.2.src.rpm
suseconnect-ng-1.9.0-150500.3.21.2.x86_64.rpm
suseconnect-ng-1.9.0-150500.3.21.2.s390x.rpm
suseconnect-ng-1.9.0-150500.3.21.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1771
Security update for ucode-intel
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel® Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel®
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel® Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ucode-intel-20240514-150200.41.1.src.rpm
ucode-intel-20240514-150200.41.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-1807
Security update for git
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for git fixes the following issues:
- CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).
git-2.35.3-150300.10.39.1.src.rpm
git-2.35.3-150300.10.39.1.x86_64.rpm
git-core-2.35.3-150300.10.39.1.x86_64.rpm
perl-Git-2.35.3-150300.10.39.1.x86_64.rpm
git-2.35.3-150300.10.39.1.s390x.rpm
git-core-2.35.3-150300.10.39.1.s390x.rpm
perl-Git-2.35.3-150300.10.39.1.s390x.rpm
git-2.35.3-150300.10.39.1.aarch64.rpm
git-core-2.35.3-150300.10.39.1.aarch64.rpm
perl-Git-2.35.3-150300.10.39.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1796
Recommended update for kdump
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kdump fixes the following issues:
- Return success from pre, post, preun and postun scriplets
(bsc#1222228, bsc#1191410)
- Differentiate between uninstall and upgrade in postun/prerun
(bsc#1191410)
kdump-1.0.2+git47.g28549ab-150500.3.6.1.src.rpm
kdump-1.0.2+git47.g28549ab-150500.3.6.1.x86_64.rpm
kdump-1.0.2+git47.g28549ab-150500.3.6.1.s390x.rpm
kdump-1.0.2+git47.g28549ab-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1810
Recommended update for util-linux
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for util-linux fixes the following issues:
- Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)
- lscpu: Add more ARM cores (bsc#1223605)
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609)
libblkid1-2.37.4-150500.9.11.1.x86_64.rpm
libfdisk1-2.37.4-150500.9.11.1.x86_64.rpm
libmount1-2.37.4-150500.9.11.1.x86_64.rpm
libsmartcols1-2.37.4-150500.9.11.1.x86_64.rpm
libuuid1-2.37.4-150500.9.11.1.x86_64.rpm
util-linux-2.37.4-150500.9.11.1.src.rpm
util-linux-2.37.4-150500.9.11.1.x86_64.rpm
util-linux-systemd-2.37.4-150500.9.11.1.src.rpm
util-linux-systemd-2.37.4-150500.9.11.1.x86_64.rpm
libblkid1-2.37.4-150500.9.11.1.s390x.rpm
libfdisk1-2.37.4-150500.9.11.1.s390x.rpm
libmount1-2.37.4-150500.9.11.1.s390x.rpm
libsmartcols1-2.37.4-150500.9.11.1.s390x.rpm
libuuid1-2.37.4-150500.9.11.1.s390x.rpm
util-linux-2.37.4-150500.9.11.1.s390x.rpm
util-linux-systemd-2.37.4-150500.9.11.1.s390x.rpm
libblkid1-2.37.4-150500.9.11.1.aarch64.rpm
libfdisk1-2.37.4-150500.9.11.1.aarch64.rpm
libmount1-2.37.4-150500.9.11.1.aarch64.rpm
libsmartcols1-2.37.4-150500.9.11.1.aarch64.rpm
libuuid1-2.37.4-150500.9.11.1.aarch64.rpm
util-linux-2.37.4-150500.9.11.1.aarch64.rpm
util-linux-systemd-2.37.4-150500.9.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1863
Security update for python-Jinja2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
python-Jinja2-2.10.1-150000.3.13.1.src.rpm
python3-Jinja2-2.10.1-150000.3.13.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2992
Recommended update for regionServiceClientConfigEC2
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for regionServiceClientConfigEC2 contains the following fixes:
- Update to version 4.3.0 (bsc#1228363)
+ The IPv6 cert was switched up for the region server running in us-west-2
and as such the SSL handshake was failing. Drop the incorrect cert
and add the correct cert.
- Switch the patch syntax away form the deprecated shorthand macro
- Version 4.2.0
Replace certs (length 4096):
rgnsrv-ec2-cn-north1 -> 54.223.148.145 expires in 8 years
rgnsrv-ec2-us-west2-2 -> 54.245.101.47 expires in 9 years
Sidenote: We have one server with a short cert (2048) left;
34.197.223.242 expires in 2027
- Version 4.1.1
Add patch no-ipv6.patch to not serve IPv6 addresses on SLES12
Related to bsc#1218656
regionServiceClientConfigEC2-4.3.0-150000.3.30.1.noarch.rpm
regionServiceClientConfigEC2-4.3.0-150000.3.30.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-2479
Security update for python3
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
libpython3_6m1_0-3.6.15-150300.10.65.1.x86_64.rpm
python3-3.6.15-150300.10.65.2.src.rpm
python3-3.6.15-150300.10.65.2.x86_64.rpm
python3-base-3.6.15-150300.10.65.1.x86_64.rpm
python3-core-3.6.15-150300.10.65.1.src.rpm
libpython3_6m1_0-3.6.15-150300.10.65.1.s390x.rpm
python3-3.6.15-150300.10.65.2.s390x.rpm
python3-base-3.6.15-150300.10.65.1.s390x.rpm
libpython3_6m1_0-3.6.15-150300.10.65.1.aarch64.rpm
python3-3.6.15-150300.10.65.2.aarch64.rpm
python3-base-3.6.15-150300.10.65.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1809
Recommended update for libbpf
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libbpf fixes the following issues:
- Fixed potential null pointer dereference in bpf_object__collect_prog_relos() (bsc#1221101)
libbpf-1.1.0-150500.3.3.1.src.rpm
libbpf1-1.1.0-150500.3.3.1.x86_64.rpm
libbpf1-1.1.0-150500.3.3.1.s390x.rpm
libbpf1-1.1.0-150500.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1880
Security update for python-requests
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
python-requests-2.25.1-150300.3.9.1.src.rpm
python3-requests-2.25.1-150300.3.9.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2108
Security update for containerd
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
containerd-1.7.17-150000.111.3.src.rpm
containerd-1.7.17-150000.111.3.x86_64.rpm
containerd-1.7.17-150000.111.3.s390x.rpm
containerd-1.7.17-150000.111.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1787
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
kernel-default-5.14.21-150500.55.65.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.65.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.65.1.150500.6.29.1.src.rpm
True
kernel-default-base-5.14.21-150500.55.65.1.150500.6.29.1.x86_64.rpm
True
kernel-default-5.14.21-150500.55.65.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.65.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.65.1.150500.6.29.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-1888
Recommended update for suse-module-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-module-tools fixes the following issues:
- Include unblacklist in initramfs (bsc#1224320)
- regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278)
- 60-io-scheduler.rules: test for "scheduler" sysfs attribute (bsc#1216717)
suse-module-tools-15.5.5-150500.3.12.2.src.rpm
suse-module-tools-15.5.5-150500.3.12.2.x86_64.rpm
suse-module-tools-15.5.5-150500.3.12.2.s390x.rpm
suse-module-tools-15.5.5-150500.3.12.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1830
Security update for glib2
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
glib2-2.70.5-150400.3.11.1.src.rpm
glib2-tools-2.70.5-150400.3.11.1.x86_64.rpm
libgio-2_0-0-2.70.5-150400.3.11.1.x86_64.rpm
libglib-2_0-0-2.70.5-150400.3.11.1.x86_64.rpm
libgmodule-2_0-0-2.70.5-150400.3.11.1.x86_64.rpm
libgobject-2_0-0-2.70.5-150400.3.11.1.x86_64.rpm
glib2-tools-2.70.5-150400.3.11.1.s390x.rpm
libgio-2_0-0-2.70.5-150400.3.11.1.s390x.rpm
libglib-2_0-0-2.70.5-150400.3.11.1.s390x.rpm
libgmodule-2_0-0-2.70.5-150400.3.11.1.s390x.rpm
libgobject-2_0-0-2.70.5-150400.3.11.1.s390x.rpm
glib2-tools-2.70.5-150400.3.11.1.aarch64.rpm
libgio-2_0-0-2.70.5-150400.3.11.1.aarch64.rpm
libglib-2_0-0-2.70.5-150400.3.11.1.aarch64.rpm
libgmodule-2_0-0-2.70.5-150400.3.11.1.aarch64.rpm
libgobject-2_0-0-2.70.5-150400.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1883
Recommended update for iputils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for iputils fixes the following issue:
- "arping: Fix 1s delay on exit for unsolicited arpings",
backport upstream fix (bsc#1224877)
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
iputils-20221126-150500.3.5.3.src.rpm
iputils-20221126-150500.3.5.3.x86_64.rpm
iputils-20221126-150500.3.5.3.s390x.rpm
iputils-20221126-150500.3.5.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1802
Recommended update for e2fsprogs
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for e2fsprogs fixes the following issues:
EA Inode handling fixes:
- ext2fs: avoid re-reading inode multiple times (bsc#1223596)
- e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
e2fsprogs-1.46.4-150400.3.6.2.src.rpm
e2fsprogs-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err2-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs2-1.46.4-150400.3.6.2.x86_64.rpm
e2fsprogs-1.46.4-150400.3.6.2.s390x.rpm
libcom_err2-1.46.4-150400.3.6.2.s390x.rpm
libext2fs2-1.46.4-150400.3.6.2.s390x.rpm
e2fsprogs-1.46.4-150400.3.6.2.aarch64.rpm
libcom_err2-1.46.4-150400.3.6.2.aarch64.rpm
libext2fs2-1.46.4-150400.3.6.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2684
Recommended update for mozilla-nss
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in "certutil dump keys with explicit default trust flags"
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
libfreebl3-3.101.2-150400.3.48.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.48.1.src.rpm
mozilla-nss-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.48.1.x86_64.rpm
libfreebl3-3.101.2-150400.3.48.1.s390x.rpm
libsoftokn3-3.101.2-150400.3.48.1.s390x.rpm
mozilla-nss-3.101.2-150400.3.48.1.s390x.rpm
mozilla-nss-certs-3.101.2-150400.3.48.1.s390x.rpm
mozilla-nss-tools-3.101.2-150400.3.48.1.s390x.rpm
libfreebl3-3.101.2-150400.3.48.1.aarch64.rpm
libsoftokn3-3.101.2-150400.3.48.1.aarch64.rpm
mozilla-nss-3.101.2-150400.3.48.1.aarch64.rpm
mozilla-nss-certs-3.101.2-150400.3.48.1.aarch64.rpm
mozilla-nss-tools-3.101.2-150400.3.48.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1813
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
kernel-rt-5.14.21-150500.13.55.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.55.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2003
Security update for cups
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
cups-2.2.7-150000.3.59.1.src.rpm
cups-config-2.2.7-150000.3.59.1.x86_64.rpm
libcups2-2.2.7-150000.3.59.1.x86_64.rpm
cups-config-2.2.7-150000.3.59.1.s390x.rpm
libcups2-2.2.7-150000.3.59.1.s390x.rpm
cups-config-2.2.7-150000.3.59.1.aarch64.rpm
libcups2-2.2.7-150000.3.59.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1933
Recommended update for libvirt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libvirt fixes the following issues:
- rpc: Don't warn about "max_client_requests" in single-threaded daemons (bsc#1224327)
- security: Ensure file exists before attempting to restore label (bsc#1220714)
libvirt-9.0.0-150500.6.23.1.src.rpm
libvirt-client-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-daemon-qemu-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-libs-9.0.0-150500.6.23.1.x86_64.rpm
libvirt-client-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.23.1.s390x.rpm
libvirt-daemon-qemu-9.0.0-150500.6.23.1.s390x.rpm
libvirt-libs-9.0.0-150500.6.23.1.s390x.rpm
libvirt-client-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-interface-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-network-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-nodedev-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-nwfilter-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-qemu-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-secret-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-core-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-disk-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-logical-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-daemon-qemu-9.0.0-150500.6.23.1.aarch64.rpm
libvirt-libs-9.0.0-150500.6.23.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2028
Security update for tiff
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
libtiff5-4.0.9-150000.45.44.1.x86_64.rpm
tiff-4.0.9-150000.45.44.1.src.rpm
libtiff5-4.0.9-150000.45.44.1.s390x.rpm
libtiff5-4.0.9-150000.45.44.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2024
Recommended update for jitterentropy
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for jitterentropy fixes the following issues:
- Fixed a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
Updated to 3.4.1
* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
jitterentropy-3.4.1-150000.1.12.1.src.rpm
jitterentropy-devel-3.4.1-150000.1.12.1.x86_64.rpm
libjitterentropy3-3.4.1-150000.1.12.1.x86_64.rpm
jitterentropy-devel-3.4.1-150000.1.12.1.s390x.rpm
libjitterentropy3-3.4.1-150000.1.12.1.s390x.rpm
jitterentropy-devel-3.4.1-150000.1.12.1.aarch64.rpm
libjitterentropy3-3.4.1-150000.1.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1987
Security update for skopeo
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for skopeo fixes the following issues:
- Update to version 1.14.4:
- CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)
skopeo-1.14.4-150300.11.11.1.src.rpm
skopeo-1.14.4-150300.11.11.1.x86_64.rpm
skopeo-1.14.4-150300.11.11.1.s390x.rpm
skopeo-1.14.4-150300.11.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2085
recommended update for python-requests
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-requests fixes the following issue:
- Allow the usage of "verify" parameter as a directory. (bsc#1225912)
python-requests-2.25.1-150300.3.12.2.src.rpm
python3-requests-2.25.1-150300.3.12.2.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-1994
Recommended update for iputils
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for iputils fixes the following issue:
- After upstream merged the fix, update git commit hashes.
iputils-20221126-150500.3.8.2.src.rpm
iputils-20221126-150500.3.8.2.x86_64.rpm
iputils-20221126-150500.3.8.2.s390x.rpm
iputils-20221126-150500.3.8.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2023
Recommended update for socat
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for socat fixes the following issues:
socat is updated to 1.8.0.0:
Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
Update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
Update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
socat-1.8.0.0-150400.14.3.1.src.rpm
socat-1.8.0.0-150400.14.3.1.x86_64.rpm
socat-1.8.0.0-150400.14.3.1.s390x.rpm
socat-1.8.0.0-150400.14.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1993
Recommended update for sssd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sssd fixes the following issues:
- Use the name from the cached entries when updating them to avoid
capitalization problems (bsc#1223050)
libsss_certmap0-2.5.2-150500.10.20.2.x86_64.rpm
libsss_idmap0-2.5.2-150500.10.20.2.x86_64.rpm
libsss_nss_idmap0-2.5.2-150500.10.20.2.x86_64.rpm
sssd-2.5.2-150500.10.20.2.src.rpm
sssd-2.5.2-150500.10.20.2.x86_64.rpm
sssd-common-2.5.2-150500.10.20.2.x86_64.rpm
sssd-krb5-common-2.5.2-150500.10.20.2.x86_64.rpm
sssd-ldap-2.5.2-150500.10.20.2.x86_64.rpm
libsss_certmap0-2.5.2-150500.10.20.2.s390x.rpm
libsss_idmap0-2.5.2-150500.10.20.2.s390x.rpm
libsss_nss_idmap0-2.5.2-150500.10.20.2.s390x.rpm
sssd-2.5.2-150500.10.20.2.s390x.rpm
sssd-common-2.5.2-150500.10.20.2.s390x.rpm
sssd-krb5-common-2.5.2-150500.10.20.2.s390x.rpm
sssd-ldap-2.5.2-150500.10.20.2.s390x.rpm
libsss_certmap0-2.5.2-150500.10.20.2.aarch64.rpm
libsss_idmap0-2.5.2-150500.10.20.2.aarch64.rpm
libsss_nss_idmap0-2.5.2-150500.10.20.2.aarch64.rpm
sssd-2.5.2-150500.10.20.2.aarch64.rpm
sssd-common-2.5.2-150500.10.20.2.aarch64.rpm
sssd-krb5-common-2.5.2-150500.10.20.2.aarch64.rpm
sssd-ldap-2.5.2-150500.10.20.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1990
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
kernel-firmware-nvidia-gspx-G06-550.90.07-150500.11.29.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.90.07-150500.11.29.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.90.07-150500.3.47.1.src.rpm
nvidia-open-driver-G06-signed-kmp-default-550.90.07_k5.14.21_150500.55.65-150500.3.47.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-550.90.07-150500.11.29.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.90.07_k5.14.21_150500.55.65-150500.3.47.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2077
Security update for gdk-pixbuf
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
gdk-pixbuf-2.42.12-150400.5.9.1.src.rpm
gdk-pixbuf-query-loaders-2.42.12-150400.5.9.1.x86_64.rpm
libgdk_pixbuf-2_0-0-2.42.12-150400.5.9.1.x86_64.rpm
typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-query-loaders-2.42.12-150400.5.9.1.s390x.rpm
libgdk_pixbuf-2_0-0-2.42.12-150400.5.9.1.s390x.rpm
typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.9.1.s390x.rpm
gdk-pixbuf-query-loaders-2.42.12-150400.5.9.1.aarch64.rpm
libgdk_pixbuf-2_0-0-2.42.12-150400.5.9.1.aarch64.rpm
typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-1988
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Rebuild against current updated packages and go compiler.
- Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)
- Add LABEL with source URL
containerized-data-importer-1.58.0-150500.6.15.1.src.rpm
containerized-data-importer-manifests-1.58.0-150500.6.15.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-2190
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870)
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
- CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-27417: Fixed potential "struct net" leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert "Add missing check for platform_get_resource" (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- Move upstreamed patches into sorted section
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting "addr_space" resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem "mutex_destroy missing" (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Revert "cifs: reconnect work should have reference on server struct" (git-fixes, bsc#1224020).
- Revert "drm/bridge: ti-sn65dsi83: Fix enable error path" (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port "disable" sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
kernel-default-5.14.21-150500.55.68.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.68.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.68.1.150500.6.31.1.src.rpm
True
kernel-default-base-5.14.21-150500.55.68.1.150500.6.31.1.x86_64.rpm
True
kernel-default-5.14.21-150500.55.68.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.68.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.68.1.150500.6.31.1.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2519
Recommended update for salt
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for salt fixes the following issues:
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
python3-salt-3006.0-150500.4.38.2.x86_64.rpm
True
salt-3006.0-150500.4.38.2.src.rpm
True
salt-3006.0-150500.4.38.2.x86_64.rpm
True
salt-minion-3006.0-150500.4.38.2.x86_64.rpm
True
salt-transactional-update-3006.0-150500.4.38.2.x86_64.rpm
True
python3-salt-3006.0-150500.4.38.2.s390x.rpm
True
salt-3006.0-150500.4.38.2.s390x.rpm
True
salt-minion-3006.0-150500.4.38.2.s390x.rpm
True
salt-transactional-update-3006.0-150500.4.38.2.s390x.rpm
True
python3-salt-3006.0-150500.4.38.2.aarch64.rpm
True
salt-3006.0-150500.4.38.2.aarch64.rpm
True
salt-minion-3006.0-150500.4.38.2.aarch64.rpm
True
salt-transactional-update-3006.0-150500.4.38.2.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2008
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27417: Fixed potential "struct net" leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- KVM: x86: Delete duplicate documentation for KVM_X86_SET_MSR_FILTER (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert "Add missing check for platform_get_resource" (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting "addr_space" resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem "mutex_destroy missing" (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- Revert "cifs: reconnect work should have reference on server struct" (git-fixes, bsc#1224020).
- Revert "drm/bridge: ti-sn65dsi83: Fix enable error path" (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- Update patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch (bsc#1222893).
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port "disable" sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
kernel-rt-5.14.21-150500.13.58.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.58.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2044
Recommended update for netavark
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for netavark and aardvark-dns fixes the following issues:
- Update to version 1.11.0
- Remove redundant source: cargo_config
aardvark-dns-1.11.0-150500.3.6.1.src.rpm
aardvark-dns-1.11.0-150500.3.6.1.x86_64.rpm
netavark-1.11.0-150500.3.6.1.src.rpm
netavark-1.11.0-150500.3.6.1.x86_64.rpm
aardvark-dns-1.11.0-150500.3.6.1.s390x.rpm
netavark-1.11.0-150500.3.6.1.s390x.rpm
aardvark-dns-1.11.0-150500.3.6.1.aarch64.rpm
netavark-1.11.0-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2018
Recommended update for transactional-update
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for transactional-update fixes the following issue:
- tukit: Properly handle overlay syncing failures: If the system
would not be rebooted and several snapshots accumulated in the
meantime, it was possible that the previous base snapshot
"required for /etc syncing" was deleted already. In that case
changes in /etc might have been reset
(gh#openSUSE/transactional-update#116)
(gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287)
dracut-transactional-update-4.1.8-150500.3.9.2.noarch.rpm
libtukit4-4.1.8-150500.3.9.2.x86_64.rpm
transactional-update-4.1.8-150500.3.9.2.src.rpm
transactional-update-4.1.8-150500.3.9.2.x86_64.rpm
transactional-update-zypp-config-4.1.8-150500.3.9.2.noarch.rpm
tukit-4.1.8-150500.3.9.2.x86_64.rpm
tukitd-4.1.8-150500.3.9.2.x86_64.rpm
libtukit4-4.1.8-150500.3.9.2.s390x.rpm
transactional-update-4.1.8-150500.3.9.2.s390x.rpm
tukit-4.1.8-150500.3.9.2.s390x.rpm
tukitd-4.1.8-150500.3.9.2.s390x.rpm
libtukit4-4.1.8-150500.3.9.2.aarch64.rpm
transactional-update-4.1.8-150500.3.9.2.aarch64.rpm
tukit-4.1.8-150500.3.9.2.aarch64.rpm
tukitd-4.1.8-150500.3.9.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2031
Security update for podman
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
podman-4.9.5-150500.3.12.1.src.rpm
podman-4.9.5-150500.3.12.1.x86_64.rpm
podman-docker-4.9.5-150500.3.12.1.noarch.rpm
podman-remote-4.9.5-150500.3.12.1.x86_64.rpm
podmansh-4.9.5-150500.3.12.1.x86_64.rpm
podman-4.9.5-150500.3.12.1.s390x.rpm
podman-remote-4.9.5-150500.3.12.1.s390x.rpm
podmansh-4.9.5-150500.3.12.1.s390x.rpm
podman-4.9.5-150500.3.12.1.ppc64le.rpm
podman-remote-4.9.5-150500.3.12.1.ppc64le.rpm
podmansh-4.9.5-150500.3.12.1.ppc64le.rpm
podman-4.9.5-150500.3.12.1.aarch64.rpm
podman-remote-4.9.5-150500.3.12.1.aarch64.rpm
podmansh-4.9.5-150500.3.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2086
Recommended update for gcc13
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
gcc13-13.3.0+git8781-150000.1.12.1.src.rpm
libgcc_s1-13.3.0+git8781-150000.1.12.1.x86_64.rpm
libstdc++6-13.3.0+git8781-150000.1.12.1.x86_64.rpm
libgcc_s1-13.3.0+git8781-150000.1.12.1.s390x.rpm
libstdc++6-13.3.0+git8781-150000.1.12.1.s390x.rpm
libgcc_s1-13.3.0+git8781-150000.1.12.1.aarch64.rpm
libstdc++6-13.3.0+git8781-150000.1.12.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2051
Security update for openssl-1_1
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
libopenssl-1_1-devel-1.1.1l-150500.17.31.1.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.31.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.31.1.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.31.1.src.rpm
openssl-1_1-1.1.1l-150500.17.31.1.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.31.1.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.31.1.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.31.1.s390x.rpm
openssl-1_1-1.1.1l-150500.17.31.1.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.31.1.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.31.1.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.31.1.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.31.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2742
Recommended update for suseconnect-ng
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suseconnect-ng fixes the following issues:
- Version update
* Added uname as collector
* Added SAP workload detection
* Added detection of container runtimes
* Multiple fixes on ARM64 detection
* Use `read_values` for the CPU collector on Z
* Fixed data collection for ppc64le
* Grab the home directory from /etc/passwd if needed (bsc#1226128)
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
self-signed SSL certificate (bsc#1223107)
suseconnect-ng-1.11.0-150500.3.26.4.src.rpm
suseconnect-ng-1.11.0-150500.3.26.4.x86_64.rpm
suseconnect-ng-1.11.0-150500.3.26.4.s390x.rpm
suseconnect-ng-1.11.0-150500.3.26.4.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2171
Security update for libarchive
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
libarchive-3.5.1-150400.3.15.1.src.rpm
libarchive13-3.5.1-150400.3.15.1.x86_64.rpm
libarchive13-3.5.1-150400.3.15.1.s390x.rpm
libarchive13-3.5.1-150400.3.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2236
Recommended update for sysconfig
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for sysconfig fixes the following issues:
- Update to version 0.85.9
- Revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- netconfig: revert NM default policy change change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them
sysconfig-0.85.9-150500.3.4.1.src.rpm
sysconfig-0.85.9-150500.3.4.1.x86_64.rpm
sysconfig-netconfig-0.85.9-150500.3.4.1.x86_64.rpm
sysconfig-0.85.9-150500.3.4.1.s390x.rpm
sysconfig-netconfig-0.85.9-150500.3.4.1.s390x.rpm
sysconfig-0.85.9-150500.3.4.1.aarch64.rpm
sysconfig-netconfig-0.85.9-150500.3.4.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2177
Recommended update for s390-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for s390-tools fixes the following issue:
- Amended read_values.c (bsc#1226609)
s390-tools-2.30.0-150500.9.16.2.src.rpm
s390-tools-2.30.0-150500.9.16.2.x86_64.rpm
libekmfweb1-2.30.0-150500.9.16.2.s390x.rpm
libkmipclient1-2.30.0-150500.9.16.2.s390x.rpm
s390-tools-2.30.0-150500.9.16.2.s390x.rpm
openSUSE-Leap-Micro-5.5-2024-2242
Recommended update for wicked
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]
wicked-0.6.75-150500.3.29.1.src.rpm
wicked-0.6.75-150500.3.29.1.x86_64.rpm
wicked-service-0.6.75-150500.3.29.1.x86_64.rpm
wicked-0.6.75-150500.3.29.1.s390x.rpm
wicked-service-0.6.75-150500.3.29.1.s390x.rpm
wicked-0.6.75-150500.3.29.1.aarch64.rpm
wicked-service-0.6.75-150500.3.29.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2253
Recommended update for containerd
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for containerd fixes the following issues:
- Revert the noarch change for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
containerd-1.7.17-150000.114.1.src.rpm
containerd-1.7.17-150000.114.1.x86_64.rpm
containerd-1.7.17-150000.114.1.s390x.rpm
containerd-1.7.17-150000.114.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2246
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of
ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
This update also rebuilds it against current go releases.
kubevirt-1.1.1-150500.8.18.1.src.rpm
kubevirt-manifests-1.1.1-150500.8.18.1.x86_64.rpm
kubevirt-virtctl-1.1.1-150500.8.18.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-2282
Optional update for openscap, scap-security-guide
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.
This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.
libltdl7-2.4.6-150000.3.8.1.x86_64.rpm
libprocps8-3.3.17-150000.7.39.1.x86_64.rpm
libtool-2.4.6-150000.3.8.1.src.rpm
libxmlsec1-1-1.2.37-150400.14.5.1.x86_64.rpm
libxmlsec1-openssl1-1.2.37-150400.14.5.1.x86_64.rpm
procps-3.3.17-150000.7.39.1.src.rpm
procps-3.3.17-150000.7.39.1.x86_64.rpm
xmlsec1-1.2.37-150400.14.5.1.src.rpm
libprocps8-3.3.17-150000.7.39.1.s390x.rpm
procps-3.3.17-150000.7.39.1.s390x.rpm
libprocps8-3.3.17-150000.7.39.1.ppc64le.rpm
libprocps8-3.3.17-150000.7.39.1.aarch64.rpm
procps-3.3.17-150000.7.39.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2283
Security update for libndp
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
libndp-1.6-150000.3.3.1.src.rpm
libndp0-1.6-150000.3.3.1.x86_64.rpm
libndp0-1.6-150000.3.3.1.s390x.rpm
libndp0-1.6-150000.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2286
Security update for podman
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
podman-4.9.5-150500.3.15.1.src.rpm
podman-4.9.5-150500.3.15.1.x86_64.rpm
podman-docker-4.9.5-150500.3.15.1.noarch.rpm
podman-remote-4.9.5-150500.3.15.1.x86_64.rpm
podmansh-4.9.5-150500.3.15.1.x86_64.rpm
podman-4.9.5-150500.3.15.1.s390x.rpm
podman-remote-4.9.5-150500.3.15.1.s390x.rpm
podmansh-4.9.5-150500.3.15.1.s390x.rpm
podman-4.9.5-150500.3.15.1.ppc64le.rpm
podman-remote-4.9.5-150500.3.15.1.ppc64le.rpm
podmansh-4.9.5-150500.3.15.1.ppc64le.rpm
podman-4.9.5-150500.3.15.1.aarch64.rpm
podman-remote-4.9.5-150500.3.15.1.aarch64.rpm
podmansh-4.9.5-150500.3.15.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2290
Security update for libxml2
low
SUSE Updates openSUSE-Leap-Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
libxml2-2-2.10.3-150500.5.17.1.x86_64.rpm
libxml2-2.10.3-150500.5.17.1.src.rpm
libxml2-python-2.10.3-150500.5.17.1.src.rpm
libxml2-tools-2.10.3-150500.5.17.1.x86_64.rpm
python3-libxml2-2.10.3-150500.5.17.1.x86_64.rpm
libxml2-2-2.10.3-150500.5.17.1.s390x.rpm
libxml2-tools-2.10.3-150500.5.17.1.s390x.rpm
python3-libxml2-2.10.3-150500.5.17.1.s390x.rpm
libxml2-2-2.10.3-150500.5.17.1.aarch64.rpm
libxml2-tools-2.10.3-150500.5.17.1.aarch64.rpm
python3-libxml2-2.10.3-150500.5.17.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2302
Security update for krb5
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
krb5-1.20.1-150500.3.9.1.src.rpm
krb5-1.20.1-150500.3.9.1.x86_64.rpm
krb5-1.20.1-150500.3.9.1.s390x.rpm
krb5-1.20.1-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2664
Recommended update for open-vm-tools
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for open-vm-tools fixes the following issues:
- There are no new features in the open-vm-tools release (bsc#1227181).
This is primarily a maintenance release that addresses a few critical
problems, including:
- A Github pull request and associated issue has been handled. Please
see the Resolved Issues section of the Release Notes
- A number of issues flagged by Coverity and ShellCheck have been
addressed
- A vmtoolsd process hang related to nested logging from an RPC Channel
error has been fixed
libvmtools0-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-12.4.5-150300.52.6.src.rpm
open-vm-tools-12.4.5-150300.52.6.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-2317
Recommended update for qclib
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for qclib fixes the following issues:
s390-tools was upgraded to version 2.31 (jsc#PED-7139):
- Add new tools / libraries:
* pvapconfig: Tool to automatically configure APQNs in SE KVM guests
* s390-tools: Provide pre-commit configuration
- Changes of existing tools:
* cpuplugd: Adjust to CPU 0 being no longer hotpluggable
* dbginfo.sh: Check for Dynamic Partition Mode
* dbginfo.sh: Update man page and copyright
* rust/pv: Add user-data signing and verifying
* rust/pvsecret: Add user defined signatures and verifications
* zdev/dracut: Consolidate device configuration
- Bug Fixes:
* dbginfo.sh: Fix relative path on script copy
* libkmipclient: Fix build with libxml2-2.12.0
* pvsecret: Fix panic if empty file is used as host key document
* rust/pv: Fix 'elided_lifetimes_in_associated_constant' warning
- Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675)
Changes in qclib:
* Applied a patch to change the _PATH_MOUNTED (bsc#1222143)
Upgrade to version 2.4.1 (jsc#PED-3285)
* Handle systems with `/sys/kernel/security/lockdown` enabled
* Consistency check: Fix accounting of reserved cores and CPUs
* Trace: Fix display of version information
* Doxygen config: Remove unused options
* Fixed problems when kernel lockdown is enabled (bsc#1216212,bsc#1214466)
Upgrade to version 2.4.0 (jsc#PED-3284, jsc#PED-3285)
* Recognize single frame models and rackable models
* zname: Add support for option --json
* qc_dump: Add trace and JSON dump to .tgz
s390-tools-2.31.0-150500.9.19.1.src.rpm
s390-tools-2.31.0-150500.9.19.1.x86_64.rpm
libekmfweb1-2.31.0-150500.9.19.1.s390x.rpm
libkmipclient1-2.31.0-150500.9.19.1.s390x.rpm
s390-tools-2.31.0-150500.9.19.1.s390x.rpm
s390-tools-genprotimg-data-2.31.0-150500.9.19.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2939
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869).
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323).
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
- CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
- CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103).
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722).
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- acpi: EC: Abort address space access upon error (stable-fixes).
- acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- acpi: x86: Force StorageD3Enable on more products (stable-fixes).
- acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- acpica: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (git-fixes).
- alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- alsa: emux: improve patch ioctl data validation (stable-fixes).
- alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- alsa: timer: Set lower bound of start tick time (stable-fixes).
- alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- asoc: amd: acp: add a null check for chip_pdev structure (git-fixes).
- asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- asoc: amd: Adjust error handling in case of absent codec device (git-fixes).
- asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- asoc: max98088: Check for clk_prepare_enable() error (git-fixes).
- asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- asoc: rt715-sdca: volume step modification (stable-fixes).
- asoc: rt715: add vendor clear control register (stable-fixes).
- asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block, loop: support partitions without scanning (bsc#1227162).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN .
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- hid: Add quirk for Logitech Casa touchpad (stable-fixes).
- hid: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- input: qt1050 - handle CHIP_ID reading error (git-fixes).
- input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kabi: bpf: callback fixes kABI workaround (bsc#1225903).
- kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kabi: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-binary: vdso: Own module_dir
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- kvm: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1194869).
- kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- kvm: x86: Add IBPB_BRTYPE support (bsc#1228079).
- kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- kvm: x86: Purge "highest ISR" cache when updating APICv state (git-fixes).
- kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- nfsd enforce filehandle check for source file in COPY (git-fixes).
- nfsd: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- nfsd: Clean up nfsd_open_verified() (git-fixes).
- nfsd: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up unused code after rhashtable conversion (git-fixes).
- nfsd: Convert filecache to rhltable (git-fixes).
- nfsd: Convert the filecache to use rhashtable (git-fixes).
- nfsd: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- nfsd: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- nfsd: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- nfsd: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- nfsd: Flesh out a documenting comment for filecache.c (git-fixes).
- nfsd: handle errors better in write_ports_addfd() (git-fixes).
- nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- nfsd: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- nfsd: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- nfsd: nfsd_file_put() can sleep (git-fixes).
- nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- nfsd: No longer record nf_hashval in the trace log (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- nfsd: Record number of flush calls (git-fixes).
- nfsd: Refactor __nfsd_file_close_inode() (git-fixes).
- nfsd: Refactor nfsd_create_setattr() (git-fixes).
- nfsd: Refactor nfsd_file_gc() (git-fixes).
- nfsd: Refactor nfsd_file_lru_scan() (git-fixes).
- nfsd: Refactor NFSv3 CREATE (git-fixes).
- nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- nfsd: Remove do_nfsd_create() (git-fixes).
- nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- nfsd: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: Replace the "init once" mechanism (git-fixes).
- nfsd: Report average age of filecache items (git-fixes).
- nfsd: Report count of calls to nfsd_file_acquire() (git-fixes).
- nfsd: Report count of freed filecache items (git-fixes).
- nfsd: Report filecache LRU size (git-fixes).
- nfsd: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- nfsd: Separate tracepoints for acquire and create (git-fixes).
- nfsd: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- nfsd: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- nfsd: Trace filecache LRU activity (git-fixes).
- nfsd: Trace filecache opens (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: verify the opened dentry after setting a delegation (git-fixes).
- nfsd: WARN when freeing an item still linked via nf_lru (git-fixes).
- nfsd: Write verifier might go backwards (git-fixes).
- nfsd: Zero counters when the filecache is re-initialized (git-fixes).
- nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nfsv4: Fixup smatch warning for ambiguous return (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: ensure reset state check ordering (bsc#1215492).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- pci: Clear Secondary Status errors after enumeration (bsc#1226928)
- pci: Extend ACS configurability (bsc#1228090).
- pci: Fix resource double counting on remove & rescan (git-fixes).
- pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- pci: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pci/aspm: Update save_state when configuration changes (bsc#1226915)
- pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- pwm: stm32: Always do lazy disabling (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- ras/amd/atl: Fix MI300 bank hash (bsc#1225300).
- ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- rdma/cache: Release GID table even if leak is detected (git-fixes)
- rdma/device: Return error earlier if port in not valid (git-fixes)
- rdma/hns: Check atomic wr length (git-fixes)
- rdma/hns: Fix incorrect sge nums calculation (git-fixes)
- rdma/hns: Fix insufficient extend DB for VFs. (git-fixes)
- rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- rdma/irdma: Drop unused kernel push code (git-fixes)
- rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- rdma/mana_ib: Ignore optional access flags for MRs (git-fixes).
- rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- rdma/mlx4: Fix truncated output warning in mad.c (git-fixes)
- rdma/mlx5: Add check for srq max_sge attribute (git-fixes)
- rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- rdma/restrack: Fix potential invalid address access (git-fixes)
- rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- Revert "Add remote for nfs maintainer"
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (bsc#1208783).
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (bsc#1208783).
- Revert "build initrd without systemd" (bsc#1195775)".
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default" (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211)
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679.
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- sunrpc: Fix gss_free_in_token_pages() (git-fixes).
- sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- sunrpc: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: serial: mos7840: fix crash on resume (git-fixes).
- usb: serial: option: add Fibocom FM350-GL (stable-fixes).
- usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- usb: serial: option: add Rolling RW350-GL variants (stable-fixes).
- usb: serial: option: add support for Foxconn T99W651 (stable-fixes).
- usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- usb: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- usb: xhci-plat: fix legacy PHY double init (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x.509: Fix the parser of extended key usage for length (bsc#1218820).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
kernel-default-5.14.21-150500.55.73.1.nosrc.rpm
True
kernel-default-5.14.21-150500.55.73.1.x86_64.rpm
True
kernel-default-base-5.14.21-150500.55.73.1.150500.6.33.8.src.rpm
True
kernel-default-base-5.14.21-150500.55.73.1.150500.6.33.8.x86_64.rpm
True
kernel-default-5.14.21-150500.55.73.1.s390x.rpm
True
kernel-default-5.14.21-150500.55.73.1.aarch64.rpm
True
kernel-default-base-5.14.21-150500.55.73.1.150500.6.33.8.aarch64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2325
Recommended update for xfsprogs
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xfsprogs fixes the following issue:
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
xfsprogs-5.13.0-150400.3.10.2.src.rpm
xfsprogs-5.13.0-150400.3.10.2.x86_64.rpm
xfsprogs-5.13.0-150400.3.10.2.s390x.rpm
xfsprogs-5.13.0-150400.3.10.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2486
Recommended update for libssh2_org
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update rebuilds libssh2_org against openssl 1.1.1, enabling ed25519 support. (bsc#1227490)
libssh2-1-1.11.0-150200.9.2.1.x86_64.rpm
libssh2_org-1.11.0-150200.9.2.1.src.rpm
libssh2-1-1.11.0-150200.9.2.1.s390x.rpm
libssh2-1-1.11.0-150200.9.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2696
Recommended update for dracut
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for dracut fixes the following issues:
- Version update:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
dracut-055+suse.388.g70c21afa-150500.3.21.2.src.rpm
dracut-055+suse.388.g70c21afa-150500.3.21.2.x86_64.rpm
dracut-fips-055+suse.388.g70c21afa-150500.3.21.2.x86_64.rpm
dracut-055+suse.388.g70c21afa-150500.3.21.2.s390x.rpm
dracut-fips-055+suse.388.g70c21afa-150500.3.21.2.s390x.rpm
dracut-055+suse.388.g70c21afa-150500.3.21.2.aarch64.rpm
dracut-fips-055+suse.388.g70c21afa-150500.3.21.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2394
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
The following non-security bugs were fixed:
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- Add remote for nfs maintainer
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- Fix new build warnings regarding unused variables: Changed build warnings: ***** 2 warnings ***** * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work': ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable] * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work': ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- HID: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- Revert "Add remote for nfs maintainer"
- Revert "build initrd without systemd" (bsc#1195775)"
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ("ARM: dts: Move .dts files to vendor sub-directories"). So switch to them.
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576: Drop "always-running" property (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
kernel-rt-5.14.21-150500.13.61.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.61.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2406
Recommended update for suse-build-key
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issue:
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them (bsc#1227429)
- gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
- gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key
suse-build-key-12.0-150000.8.46.2.noarch.rpm
suse-build-key-12.0-150000.8.46.2.src.rpm
openSUSE-Leap-Micro-5.5-2024-2688
Feature update for Public Cloud
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for Public Cloud fixes the following issues:
- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
* google-guest-agent (no source changes)
* google-guest-configs (no source changes)
* google-guest-oslogin (no source changes)
* google-osconfig-agent (no source changes)
* growpart-rootgrow (no source changes)
* python-azure-agent (includes bug fixes see below)
* python-cssselect (no source changes)
* python-instance-billing-flavor-check (no source changes)
* python-toml (no source changes)
* python3-lxml (inlcudes a bug fix, see below)
- python-azure-agent received the following fixes:
* Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists
(bsc#1227711)
* Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
* Do not package `waagent2.0` in Python 3 builds
* Do not require `wicked` in non-SUSE build environments
* Apply python3 interpreter patch in non SLE build environments (bcs#1227067)
- python3-lxml also received the following fix:
* Fixed compatibility with system libexpat in tests (bnc#1222075)
python-cssselect-1.0.3-150400.3.7.4.src.rpm
python3-cssselect-1.0.3-150400.3.7.4.noarch.rpm
python3-lxml-4.9.1-150500.3.4.3.src.rpm
python3-lxml-4.9.1-150500.3.4.3.x86_64.rpm
python3-lxml-4.9.1-150500.3.4.3.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2401
Security update for oniguruma
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
libonig4-6.7.0-150000.3.6.1.x86_64.rpm
oniguruma-6.7.0-150000.3.6.1.src.rpm
libonig4-6.7.0-150000.3.6.1.s390x.rpm
libonig4-6.7.0-150000.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2670
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- Update to 550.100 (bsc#1227575)
- Add a second flavor to be used by the kernel module versions
used by CUDA. The firmware targetting CUDA contains '-cuda' in
its name to track its versions separately from the graphics
firmware. (bsc#1227417)
Changes in nvidia-open-driver-G06-signed:
- Update to 550.100 (bsc#1227575)
* Fixed a bug that caused OpenGL triple buffering to behave like
double buffering.
- To avoid issues with missing dependencies when no CUDA repo
is present make the dependecy to nvidia-compute-G06 conditional.
- CUDA is not available for Tumbleweed, exclude the build of the
cuda flavor.
- preamble: let the -cuda flavor KMP require the -cuda flavor
firmware
- Add a second flavor for building the kernel module versions
used by CUDA. The kmp targetting CUDA contains '-cuda' in
its name to track its versions separately from the graphics
kmp. (bsc#1227417)
- Provide the meta package nv-prefer-signed-open-driver to
make sure the latest available SUSE-build open driver is
installed - independent of the latest available open driver
version in he CUDA repository.
Rationale:
The package cuda-runtime provides the link between CUDA and
the kernel driver version through a
Requires: cuda-drivers >= %version
This implies that a CUDA version will run withany kernel driver
version equal or higher than a base version.
nvidia-compute-G06 provides the glue layer between CUDA and
a specific version of he kernel driver both by providing
a set of base libraries and by requiring a specific kernel
version. 'cuda-drivers' (provided by nvidia-compute-utils-G06)
requires an unversioned nvidia-compute-G06. With this, the
resolver will install the latest available and applicable
nvidia-compute-G06.
nv-prefer-signed-open-driver then represents the latest available
open driver version and restricts the nvidia-compute-G06 version
to it. (bsc#1227419)
kernel-firmware-nvidia-gspx-G06-550.100-150500.11.36.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.100-150500.11.36.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150500.11.36.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150500.11.36.1.x86_64.rpm
nv-prefer-signed-open-driver-555.42.06-150500.3.52.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.100-150500.3.52.1.src.rpm
nvidia-open-driver-G06-signed-cuda-555.42.06-150500.3.52.1.src.rpm
nvidia-open-driver-G06-signed-cuda-default-devel-555.42.06-150500.3.52.1.x86_64.rpm
nvidia-open-driver-G06-signed-cuda-kmp-default-555.42.06_k5.14.21_150500.55.68-150500.3.52.1.x86_64.rpm
nvidia-open-driver-G06-signed-default-devel-550.100-150500.3.52.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.100_k5.14.21_150500.55.68-150500.3.52.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-550.100-150500.11.36.1.aarch64.rpm
kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150500.11.36.1.aarch64.rpm
nv-prefer-signed-open-driver-555.42.06-150500.3.52.1.aarch64.rpm
nvidia-open-driver-G06-signed-cuda-default-devel-555.42.06-150500.3.52.1.aarch64.rpm
nvidia-open-driver-G06-signed-cuda-kmp-default-555.42.06_k5.14.21_150500.55.68-150500.3.52.1.aarch64.rpm
nvidia-open-driver-G06-signed-default-devel-550.100-150500.3.52.1.aarch64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.100_k5.14.21_150500.55.68-150500.3.52.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2654
Security update for xen
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984).
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
xen-4.17.4_04-150500.3.33.1.src.rpm
True
xen-libs-4.17.4_04-150500.3.33.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2655
Security update for python-dnspython
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
python-dnspython-1.15.0-150000.3.5.1.src.rpm
python3-dnspython-1.15.0-150000.3.5.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2609
Recommended update for suse-build-key
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for suse-build-key fixes the following issue:
- fixed syntax error in auto import shell script (bsc#1227681)
suse-build-key-12.0-150000.8.49.2.noarch.rpm
suse-build-key-12.0-150000.8.49.2.src.rpm
openSUSE-Leap-Micro-5.5-2024-2671
Recommended update for cups
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cups fixes the following issues:
- Require the exact matching version-release of all libcups* sub-packages (bsc#1226192)
cups-2.2.7-150000.3.62.1.src.rpm
cups-config-2.2.7-150000.3.62.1.x86_64.rpm
libcups2-2.2.7-150000.3.62.1.x86_64.rpm
cups-config-2.2.7-150000.3.62.1.s390x.rpm
libcups2-2.2.7-150000.3.62.1.s390x.rpm
cups-config-2.2.7-150000.3.62.1.aarch64.rpm
libcups2-2.2.7-150000.3.62.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2623
Recommended update for openCryptoki
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openCryptoki fixes the following issues:
* Amended for group %{pkcs_group} and user pkcsslotd (bsc#1225876)
* Copying example script files from /usr/share/doc/opencryptoki to
/usr/share/opencryptoki (policy-example.conf and strength-example.conf)
in case that there is 'rpm.install.excludedocs=yes' set in the
zypper.conf(zypp.conf) (bsc#1227280)
openCryptoki-3.23.0-150500.3.6.1.s390x.rpm
openCryptoki-3.23.0-150500.3.6.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-2656
Security update for git
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
git-2.35.3-150300.10.42.1.src.rpm
git-2.35.3-150300.10.42.1.x86_64.rpm
git-core-2.35.3-150300.10.42.1.x86_64.rpm
perl-Git-2.35.3-150300.10.42.1.x86_64.rpm
git-2.35.3-150300.10.42.1.s390x.rpm
git-core-2.35.3-150300.10.42.1.s390x.rpm
perl-Git-2.35.3-150300.10.42.1.s390x.rpm
git-2.35.3-150300.10.42.1.aarch64.rpm
git-core-2.35.3-150300.10.42.1.aarch64.rpm
perl-Git-2.35.3-150300.10.42.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2765
Recommended update for container-selinux
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for container-selinux fixes the following issue:
- Allow iptables_t list directory permissions of container_file_t (bsc#1227442)
container-selinux-2.188.0-150500.3.3.2.noarch.rpm
container-selinux-2.188.0-150500.3.3.2.src.rpm
openSUSE-Leap-Micro-5.5-2024-2678
Recommended update for wicked
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for wicked fixes the following issues:
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname
wicked-0.6.76-150500.3.33.1.src.rpm
wicked-0.6.76-150500.3.33.1.x86_64.rpm
wicked-service-0.6.76-150500.3.33.1.x86_64.rpm
wicked-0.6.76-150500.3.33.1.s390x.rpm
wicked-service-0.6.76-150500.3.33.1.s390x.rpm
wicked-0.6.76-150500.3.33.1.aarch64.rpm
wicked-service-0.6.76-150500.3.33.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2659
Security update for shadow
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
login_defs-4.8.1-150500.3.6.1.noarch.rpm
shadow-4.8.1-150500.3.6.1.src.rpm
shadow-4.8.1-150500.3.6.1.x86_64.rpm
shadow-4.8.1-150500.3.6.1.s390x.rpm
shadow-4.8.1-150500.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2886
Recommended update for dmidecode
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for dmidecode fixes the following issues:
- Version update (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules
* Add bash completion
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
* Implement options --list-strings and --list-types
* Update HPE OEM records 203, 212, 216, 221, 233 and 236
* Update Redfish support
* Bug fixes:
- Fix enabled slot characteristics not being printed
* Minor improvements:
- Print slot width on its own line
- Use standard strings for slot width
* Add a --no-quirks option
* Drop the CPUID exception list
* Obsoletes patches removed :
dmidecode-do-not-let-dump-bin-overwrite-an-existing-file,
dmidecode-fortify-entry-point-length-checks,
dmidecode-split-table-fetching-from-decoding,
dmidecode-write-the-whole-dump-file-at-once,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr,
dmioem-hpe-oem-record-237-firmware-change,
dmioem-typo-fix-virutal-virtual,
ensure-dev-mem-is-a-character-device-file,
news-fix-typo,
use-read_file-to-read-from-dump
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in
HPE type 238 records
dmidecode-3.6-150400.16.11.2.src.rpm
dmidecode-3.6-150400.16.11.2.x86_64.rpm
dmidecode-3.6-150400.16.11.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2660
Security update for gtk2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk2-2.24.33-150400.4.3.1.src.rpm
gtk2-tools-2.24.33-150400.4.3.1.x86_64.rpm
libgtk-2_0-0-2.24.33-150400.4.3.1.x86_64.rpm
gtk2-tools-2.24.33-150400.4.3.1.s390x.rpm
libgtk-2_0-0-2.24.33-150400.4.3.1.s390x.rpm
gtk2-tools-2.24.33-150400.4.3.1.aarch64.rpm
libgtk-2_0-0-2.24.33-150400.4.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2661
Security update for gtk3
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk3-3.24.34-150400.3.9.1.src.rpm
gtk3-data-3.24.34-150400.3.9.1.noarch.rpm
gtk3-schema-3.24.34-150400.3.9.1.noarch.rpm
gtk3-tools-3.24.34-150400.3.9.1.x86_64.rpm
libgtk-3-0-3.24.34-150400.3.9.1.x86_64.rpm
typelib-1_0-Gtk-3_0-3.24.34-150400.3.9.1.x86_64.rpm
gtk3-tools-3.24.34-150400.3.9.1.s390x.rpm
libgtk-3-0-3.24.34-150400.3.9.1.s390x.rpm
typelib-1_0-Gtk-3_0-3.24.34-150400.3.9.1.s390x.rpm
gtk3-tools-3.24.34-150400.3.9.1.aarch64.rpm
libgtk-3-0-3.24.34-150400.3.9.1.aarch64.rpm
typelib-1_0-Gtk-3_0-3.24.34-150400.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2669
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Update to version 1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.1
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.0
- Use predefined configuration files for libvirt
- Install psmisc (provides killall for tests)
kubevirt-1.2.2-150500.8.21.1.src.rpm
kubevirt-manifests-1.2.2-150500.8.21.1.x86_64.rpm
kubevirt-virtctl-1.2.2-150500.8.21.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-2668
Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.1
containerized-data-importer-1.59.0-150500.6.18.1.src.rpm
containerized-data-importer-manifests-1.59.0-150500.6.18.1.x86_64.rpm
openSUSE-Leap-Micro-5.5-2024-2662
Security update for python-urllib3
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
python-urllib3-1.25.10-150300.4.12.1.src.rpm
python3-urllib3-1.25.10-150300.4.12.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2667
Recommended update for libxkbcommon
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of libxkbcommon fixes the following issue:
- ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322)
libxcb-1.13-150000.3.11.1.src.rpm
libxcb-dri2-0-1.13-150000.3.11.1.x86_64.rpm
libxcb-dri3-0-1.13-150000.3.11.1.x86_64.rpm
libxcb-glx0-1.13-150000.3.11.1.x86_64.rpm
libxcb-present0-1.13-150000.3.11.1.x86_64.rpm
libxcb-randr0-1.13-150000.3.11.1.x86_64.rpm
libxcb-render0-1.13-150000.3.11.1.x86_64.rpm
libxcb-shm0-1.13-150000.3.11.1.x86_64.rpm
libxcb-sync1-1.13-150000.3.11.1.x86_64.rpm
libxcb-xfixes0-1.13-150000.3.11.1.x86_64.rpm
libxcb1-1.13-150000.3.11.1.x86_64.rpm
libxcb-dri2-0-1.13-150000.3.11.1.s390x.rpm
libxcb-dri3-0-1.13-150000.3.11.1.s390x.rpm
libxcb-glx0-1.13-150000.3.11.1.s390x.rpm
libxcb-present0-1.13-150000.3.11.1.s390x.rpm
libxcb-randr0-1.13-150000.3.11.1.s390x.rpm
libxcb-render0-1.13-150000.3.11.1.s390x.rpm
libxcb-shm0-1.13-150000.3.11.1.s390x.rpm
libxcb-sync1-1.13-150000.3.11.1.s390x.rpm
libxcb-xfixes0-1.13-150000.3.11.1.s390x.rpm
libxcb1-1.13-150000.3.11.1.s390x.rpm
libxcb-dri2-0-1.13-150000.3.11.1.aarch64.rpm
libxcb-dri3-0-1.13-150000.3.11.1.aarch64.rpm
libxcb-glx0-1.13-150000.3.11.1.aarch64.rpm
libxcb-present0-1.13-150000.3.11.1.aarch64.rpm
libxcb-randr0-1.13-150000.3.11.1.aarch64.rpm
libxcb-render0-1.13-150000.3.11.1.aarch64.rpm
libxcb-shm0-1.13-150000.3.11.1.aarch64.rpm
libxcb-sync1-1.13-150000.3.11.1.aarch64.rpm
libxcb-xfixes0-1.13-150000.3.11.1.aarch64.rpm
libxcb1-1.13-150000.3.11.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2663
Security update for orc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
liborc-0_4-0-0.4.28-150000.3.6.1.x86_64.rpm
orc-0.4.28-150000.3.6.1.src.rpm
liborc-0_4-0-0.4.28-150000.3.6.1.s390x.rpm
liborc-0_4-0-0.4.28-150000.3.6.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2878
Recommended update for python-kiwi
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for python-kiwi fixes the following issues:
- Do not exclude the .profile env file by default (bsc#1228118)
kiwi's initrd modules read a .profile file which gets included
into the initrd produced at build time. To allow rebuild of a
host-only initrd from the booted system this information should
be present such that it is possible to re-use kiwi initrd code.
- Add rd.kiwi.oem.force_resize boot option (bsc#1224389)
Forces the disk resize process on an OEM disk image.
If set, no sanity check for unpartitioned/free space
is performed and also an eventually configured
'oem-resize-once' configuration from the image description
will not be taken into account.
dracut-kiwi-lib-9.24.43-150100.3.81.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.81.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.81.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.81.1.src.rpm
dracut-kiwi-lib-9.24.43-150100.3.81.1.s390x.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.81.1.s390x.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.81.1.s390x.rpm
dracut-kiwi-lib-9.24.43-150100.3.81.1.aarch64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.81.1.aarch64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.81.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2912
Recommended update for cloud-regionsrv-client
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client contains the following fixes:
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
cloud-regionsrv-client-10.3.0-150300.13.3.1.src.rpm
cloud-regionsrv-client-10.3.0-150300.13.3.1.x86_64.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150300.13.3.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150300.13.3.1.x86_64.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.3.1.x86_64.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.3.1.x86_64.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.3.1.x86_64.rpm
python-PyYAML-5.4.1-150300.3.3.1.src.rpm
python-dnspython-1.15.0-150000.3.7.1.src.rpm
python3-PyYAML-5.4.1-150300.3.3.1.x86_64.rpm
python3-dnspython-1.15.0-150000.3.7.1.noarch.rpm
python3-PyYAML-5.4.1-150300.3.3.1.s390x.rpm
cloud-regionsrv-client-10.3.0-150300.13.3.1.aarch64.rpm
cloud-regionsrv-client-generic-config-1.0.0-150300.13.3.1.aarch64.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.3.1.aarch64.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.3.1.aarch64.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.3.1.aarch64.rpm
python3-PyYAML-5.4.1-150300.3.3.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2891
Security update for openssl-1_1
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
libopenssl-1_1-devel-1.1.1l-150500.17.34.1.x86_64.rpm
libopenssl1_1-1.1.1l-150500.17.34.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.34.1.x86_64.rpm
openssl-1_1-1.1.1l-150500.17.34.1.src.rpm
openssl-1_1-1.1.1l-150500.17.34.1.x86_64.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.34.1.s390x.rpm
libopenssl1_1-1.1.1l-150500.17.34.1.s390x.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.34.1.s390x.rpm
openssl-1_1-1.1.1l-150500.17.34.1.s390x.rpm
libopenssl-1_1-devel-1.1.1l-150500.17.34.1.aarch64.rpm
libopenssl1_1-1.1.1l-150500.17.34.1.aarch64.rpm
libopenssl1_1-hmac-1.1.1l-150500.17.34.1.aarch64.rpm
openssl-1_1-1.1.1l-150500.17.34.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2869
Security update for ca-certificates-mozilla
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ca-certificates-mozilla-2.68-150200.33.1.noarch.rpm
ca-certificates-mozilla-2.68-150200.33.1.src.rpm
openSUSE-Leap-Micro-5.5-2024-2887
Recommended update for util-linux
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for util-linux fixes the following issues:
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
libblkid1-2.37.4-150500.9.14.2.x86_64.rpm
libfdisk1-2.37.4-150500.9.14.2.x86_64.rpm
libmount1-2.37.4-150500.9.14.2.x86_64.rpm
libsmartcols1-2.37.4-150500.9.14.2.x86_64.rpm
libuuid1-2.37.4-150500.9.14.2.x86_64.rpm
util-linux-2.37.4-150500.9.14.2.src.rpm
util-linux-2.37.4-150500.9.14.2.x86_64.rpm
util-linux-systemd-2.37.4-150500.9.14.2.src.rpm
util-linux-systemd-2.37.4-150500.9.14.2.x86_64.rpm
libblkid1-2.37.4-150500.9.14.2.s390x.rpm
libfdisk1-2.37.4-150500.9.14.2.s390x.rpm
libmount1-2.37.4-150500.9.14.2.s390x.rpm
libsmartcols1-2.37.4-150500.9.14.2.s390x.rpm
libuuid1-2.37.4-150500.9.14.2.s390x.rpm
util-linux-2.37.4-150500.9.14.2.s390x.rpm
util-linux-systemd-2.37.4-150500.9.14.2.s390x.rpm
libblkid1-2.37.4-150500.9.14.2.aarch64.rpm
libfdisk1-2.37.4-150500.9.14.2.aarch64.rpm
libmount1-2.37.4-150500.9.14.2.aarch64.rpm
libsmartcols1-2.37.4-150500.9.14.2.aarch64.rpm
libuuid1-2.37.4-150500.9.14.2.aarch64.rpm
util-linux-2.37.4-150500.9.14.2.aarch64.rpm
util-linux-systemd-2.37.4-150500.9.14.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2791
Recommended update for various 32bit packages
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.
Mesa-22.3.5-150500.77.2.1.src.rpm
Mesa-22.3.5-150500.77.2.1.x86_64.rpm
Mesa-dri-22.3.5-150500.77.2.1.x86_64.rpm
Mesa-drivers-22.3.5-150500.77.2.1.src.rpm
Mesa-gallium-22.3.5-150500.77.2.1.x86_64.rpm
Mesa-libEGL1-22.3.5-150500.77.2.1.x86_64.rpm
Mesa-libGL1-22.3.5-150500.77.2.1.x86_64.rpm
Mesa-libglapi0-22.3.5-150500.77.2.1.x86_64.rpm
libLLVM15-15.0.7-150500.4.11.1.x86_64.rpm
libassuan-2.5.5-150000.4.7.1.src.rpm
libassuan0-2.5.5-150000.4.7.1.x86_64.rpm
libgbm1-22.3.5-150500.77.2.1.x86_64.rpm
libpcsclite1-1.9.4-150400.3.2.1.x86_64.rpm
llvm15-15.0.7-150500.4.11.1.src.rpm
pcsc-lite-1.9.4-150400.3.2.1.src.rpm
pcsc-lite-1.9.4-150400.3.2.1.x86_64.rpm
Mesa-22.3.5-150500.77.2.1.s390x.rpm
Mesa-dri-22.3.5-150500.77.2.1.s390x.rpm
Mesa-libEGL1-22.3.5-150500.77.2.1.s390x.rpm
Mesa-libGL1-22.3.5-150500.77.2.1.s390x.rpm
Mesa-libglapi0-22.3.5-150500.77.2.1.s390x.rpm
libLLVM15-15.0.7-150500.4.11.1.s390x.rpm
libassuan0-2.5.5-150000.4.7.1.s390x.rpm
libgbm1-22.3.5-150500.77.2.1.s390x.rpm
libpcsclite1-1.9.4-150400.3.2.1.s390x.rpm
pcsc-lite-1.9.4-150400.3.2.1.s390x.rpm
Mesa-22.3.5-150500.77.2.1.aarch64.rpm
Mesa-dri-22.3.5-150500.77.2.1.aarch64.rpm
Mesa-gallium-22.3.5-150500.77.2.1.aarch64.rpm
Mesa-libEGL1-22.3.5-150500.77.2.1.aarch64.rpm
Mesa-libGL1-22.3.5-150500.77.2.1.aarch64.rpm
Mesa-libglapi0-22.3.5-150500.77.2.1.aarch64.rpm
libLLVM15-15.0.7-150500.4.11.1.aarch64.rpm
libassuan0-2.5.5-150000.4.7.1.aarch64.rpm
libgbm1-22.3.5-150500.77.2.1.aarch64.rpm
libpcsclite1-1.9.4-150400.3.2.1.aarch64.rpm
pcsc-lite-1.9.4-150400.3.2.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2799
Recommended update for runc
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for runc fixes the following issues:
- Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
- Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)
runc-1.1.13-150000.67.1.src.rpm
runc-1.1.13-150000.67.1.x86_64.rpm
runc-1.1.13-150000.67.1.s390x.rpm
runc-1.1.13-150000.67.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2809
Security update for shadow
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
login_defs-4.8.1-150500.3.9.1.noarch.rpm
shadow-4.8.1-150500.3.9.1.src.rpm
shadow-4.8.1-150500.3.9.1.x86_64.rpm
shadow-4.8.1-150500.3.9.1.s390x.rpm
shadow-4.8.1-150500.3.9.1.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2967
Recommended update for pam
moderate
SUSE Updates openSUSE-Leap-Micro 5.5
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
pam-1.3.0-150000.6.71.2.src.rpm
pam-1.3.0-150000.6.71.2.x86_64.rpm
pam-1.3.0-150000.6.71.2.s390x.rpm
pam-1.3.0-150000.6.71.2.aarch64.rpm
openSUSE-Leap-Micro-5.5-2024-2921
Recommended update for grub2
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for grub2 fixes the following issues:
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
- Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226)
grub2-2.06-150500.29.28.1.src.rpm
grub2-2.06-150500.29.28.1.x86_64.rpm
grub2-i386-pc-2.06-150500.29.28.1.noarch.rpm
grub2-snapper-plugin-2.06-150500.29.28.1.noarch.rpm
grub2-x86_64-efi-2.06-150500.29.28.1.noarch.rpm
grub2-x86_64-xen-2.06-150500.29.28.1.noarch.rpm
grub2-2.06-150500.29.28.1.s390x.rpm
grub2-s390x-emu-2.06-150500.29.28.1.s390x.rpm
grub2-2.06-150500.29.28.1.aarch64.rpm
grub2-arm64-efi-2.06-150500.29.28.1.noarch.rpm
openSUSE-Leap-Micro-5.5-2024-2894
Security update for the Linux Kernel
important
SUSE Updates openSUSE-Leap-Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071)
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869)
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323)
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700)
- CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722)
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520)
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580)
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470)
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591)
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723)
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- ACPI: EC: Abort address space access upon error (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- block, loop: support partitions without scanning (bsc#1227162).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fix build warning
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- HID: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kernel-binary: vdso: Own module_dir
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- KVM: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- KVM: x86: Purge "highest ISR" cache when updating APICv state (git-fixes).
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- NFSD enforce filehandle check for source file in COPY (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- NFSD: Replace the "init once" mechanism (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: verify the opened dentry after setting a delegation (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized (git-fixes).
- NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- PCI: Extend ACS configurability (bsc#1228090).
- PCI: Fix resource double counting on remove & rescan (git-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- Revert "ALSA: firewire-lib: obsolete workqueue for period update" (bsc#1208783).
- Revert "ALSA: firewire-lib: operate for period elapse event in process context" (bsc#1208783).
- Revert "leds: led-core: Fix refcount leak in of_led_get()" (git-fixes).
- Revert "usb: musb: da8xx: Set phy in OTG mode by default" (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator With perl 5.40 it report the following error on rpm/guards script: Possible precedence issue with control flow operator (exit) at scripts/guards line 208. Fix the issue by adding parenthesis around ternary operator.
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf:
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
kernel-rt-5.14.21-150500.13.64.1.nosrc.rpm
True
kernel-rt-5.14.21-150500.13.64.1.x86_64.rpm
True
openSUSE-Leap-Micro-5.5-2024-2996
Recommended update for cloud-regionsrv-client
important
SUSE Updates openSUSE-Leap-Micro 5.5
This update for cloud-regionsrv-client fixes the following issues:
- Fix docker.service fail to start in Public Cloud providers. (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
cloud-regionsrv-client-10.3.0-150300.13.6.1.src.rpm
cloud-regionsrv-client-10.3.0-150300.13.6.1.x86_64.rpm
cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1.noarch.rpm
cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1.x86_64.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1.x86_64.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1.x86_64.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1.x86_64.rpm
cloud-regionsrv-client-10.3.0-150300.13.6.1.aarch64.rpm
cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1.aarch64.rpm
cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1.aarch64.rpm
cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1.aarch64.rpm
cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1.aarch64.rpm