SUSE-SLE-Module-Basesystem-15-SP4-2023-336 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). jasper-2.0.14-3.22.1.src.rpm libjasper4-2.0.14-3.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2706 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) postgresql-14-150400.4.3.88.noarch.rpm postgresql-14-150400.4.3.88.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2294 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). expat-2.4.4-150400.3.6.9.src.rpm expat-2.4.4-150400.3.6.9.x86_64.rpm libexpat-devel-2.4.4-150400.3.6.9.x86_64.rpm libexpat1-2.4.4-150400.3.6.9.x86_64.rpm libexpat1-32bit-2.4.4-150400.3.6.9.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2763 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492). - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166) - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) libipa_hbac-devel-2.5.2-150400.4.5.14.x86_64.rpm libipa_hbac0-2.5.2-150400.4.5.14.x86_64.rpm libsss_certmap-devel-2.5.2-150400.4.5.14.x86_64.rpm libsss_certmap0-2.5.2-150400.4.5.14.x86_64.rpm libsss_idmap-devel-2.5.2-150400.4.5.14.x86_64.rpm libsss_idmap0-2.5.2-150400.4.5.14.x86_64.rpm libsss_nss_idmap-devel-2.5.2-150400.4.5.14.x86_64.rpm libsss_nss_idmap0-2.5.2-150400.4.5.14.x86_64.rpm libsss_simpleifp-devel-2.5.2-150400.4.5.14.x86_64.rpm libsss_simpleifp0-2.5.2-150400.4.5.14.x86_64.rpm python3-sssd-config-2.5.2-150400.4.5.14.x86_64.rpm sssd-2.5.2-150400.4.5.14.src.rpm sssd-2.5.2-150400.4.5.14.x86_64.rpm sssd-ad-2.5.2-150400.4.5.14.x86_64.rpm sssd-common-2.5.2-150400.4.5.14.x86_64.rpm sssd-dbus-2.5.2-150400.4.5.14.x86_64.rpm sssd-ipa-2.5.2-150400.4.5.14.x86_64.rpm sssd-kcm-2.5.2-150400.4.5.14.x86_64.rpm sssd-krb5-2.5.2-150400.4.5.14.x86_64.rpm sssd-krb5-common-2.5.2-150400.4.5.14.x86_64.rpm sssd-ldap-2.5.2-150400.4.5.14.x86_64.rpm sssd-proxy-2.5.2-150400.4.5.14.x86_64.rpm sssd-tools-2.5.2-150400.4.5.14.x86_64.rpm sssd-winbind-idmap-2.5.2-150400.4.5.14.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3296 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nss_synth fixes the following issues: - Support running 389-ds with bare uid/gid (non-root) in containers. (jsc#SLE-22585) nss_synth-0.1.0~git0.7c23049-150400.9.5.1.src.rpm nss_synth-0.1.0~git0.7c23049-150400.9.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1923 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: Update to version 20220411 (git commit f219d616f42b, bsc#1199459): - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, CVE-2021-26312: Update AMD cpu microcode Update to version 20220309 (git commit cd01f857da28, bsc#1199470): - CVE-2021-46744: Ciphertext Side Channels on AMD SEV Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786): - CVE-2021-33139, CVE-2021-33155: Improper conditions check in the firmware for some Intel Wireless Bluetooth and Killer Bluetooth products may allow an authenticated user to potentially cause denial of service via adjacent access. kernel-firmware-20220509-150400.4.5.1.src.rpm True kernel-firmware-all-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.5.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.5.1.noarch.rpm True ucode-amd-20220509-150400.4.5.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2088 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for firewalld fixes the following issues: - Fixes setting the default zone to external during installation problem (bsc#1191837) firewalld-0.9.3-150400.8.3.19.noarch.rpm firewalld-0.9.3-150400.8.3.19.src.rpm firewalld-lang-0.9.3-150400.8.3.19.noarch.rpm python3-firewall-0.9.3-150400.8.3.19.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1827 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xf86-video-vesa fixes the following issues: - Disallow vesa driver on the system with simpledrmfb (bsc#1193539): xf86-video-vesa-2.4.0-150100.5.3.1.src.rpm xf86-video-vesa-2.4.0-150100.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2926 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for LibreOffice provides the following fixes: abseil-cpp: - Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447) - Mention already fixed issues. (fate#326485, bsc#1041090) libcuckoo: - Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447) libixion: - Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447) - Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Build with gcc11 and gcc11-c++. (jsc#SLE-23447) - Remove unneeded vulkan dependency - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) libreoffice: - Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021) * Update bundled dependencies: * gpgme from version 1.13.1 to version 1.16.0 * libgpg-error from version 1.37 to version 1.43 * libassuan from version 2.5.3 to version 2.5.5 * pdfium from version 4500 to version 4699 * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967 * boost from version 1_75 to version 1_77 * icu4c from version 69_1 to version 70_1 * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer * New build dependencies: * abseil-cpp-devel * libassuan0 * libcuckoo-devel * libopenjp2 * requrire liborcus-0.17 instead of liborcus-0.16 * requrire mdds-2.0 instead of mdds-1.5 * Do not use serf-1 anymore but use curl instead. * Other fixes: * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616) * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212) * Bullets appear larger and green instead of black. (bsc#1195881) * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017) * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499) liborcus: - Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447) - Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447) - Build with libtool and use autotools. (jsc#SLE-23447) - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) mdds-2_0: - Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447) myspell-dictionaries: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. ucpp: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. xmlsec1: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. libxmlsec1-1-1.2.28-150100.7.11.1.x86_64.rpm libxmlsec1-openssl1-1.2.28-150100.7.11.1.x86_64.rpm myspell-de-20191219-150000.3.23.1.noarch.rpm myspell-de_DE-20191219-150000.3.23.1.noarch.rpm myspell-dictionaries-20191219-150000.3.23.1.src.rpm myspell-dictionaries-20191219-150000.3.23.1.x86_64.rpm myspell-en-20191219-150000.3.23.1.noarch.rpm myspell-en_US-20191219-150000.3.23.1.noarch.rpm myspell-es-20191219-150000.3.23.1.noarch.rpm myspell-es_ES-20191219-150000.3.23.1.noarch.rpm myspell-hu_HU-20191219-150000.3.23.1.noarch.rpm myspell-lightproof-en-20191219-150000.3.23.1.x86_64.rpm myspell-lightproof-hu_HU-20191219-150000.3.23.1.x86_64.rpm myspell-lightproof-pt_BR-20191219-150000.3.23.1.x86_64.rpm myspell-lightproof-ru_RU-20191219-150000.3.23.1.x86_64.rpm myspell-nb_NO-20191219-150000.3.23.1.noarch.rpm myspell-no-20191219-150000.3.23.1.noarch.rpm myspell-pt_BR-20191219-150000.3.23.1.noarch.rpm myspell-ro-20191219-150000.3.23.1.noarch.rpm myspell-ro_RO-20191219-150000.3.23.1.noarch.rpm myspell-ru_RU-20191219-150000.3.23.1.noarch.rpm xmlsec1-1.2.28-150100.7.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1863 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This optional update for ckermit fixes the following issues: There are no visible changes for the final user. - Solve a source build issue (FTBFS) after the removal of `libio` with `glibc-2.28`. (bsc#1197708) ckermit-9.0.302-150000.3.3.1.src.rpm ckermit-9.0.302-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1887 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) grep-3.1-150000.4.6.1.src.rpm grep-3.1-150000.4.6.1.x86_64.rpm grep-lang-3.1-150000.4.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1851 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc8 fixes the following issues: - Fix build against SP4. (bsc#1197716) - Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716) gcc8-8.2.1+r264010-150000.1.6.4.src.rpm libmpx2-8.2.1+r264010-150000.1.6.4.x86_64.rpm libmpxwrappers2-8.2.1+r264010-150000.1.6.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1678 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132) - CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616) - CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481) Non security fixes: jackson-annotations - update from version 2.10.2 to version 2.13.0: + Build with source/target levels 8 + Add 'mvnw' wrapper + 'JsonSubType.Type' should accept array of names + Jackson version alignment with Gradle 6 + Add '@JsonIncludeProperties' + Add '@JsonTypeInfo(use=DEDUCTION)' + Ability to use '@JsonAnyGetter' on fields + Add '@JsonKey' annotation + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping + Add 'namespace' property for '@JsonProperty' (for XML module) + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' + 'JsonPattern.Value.pattern' retained as "", never (accidentally) exposed as 'null' + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven jackson-bom - update from version 2.10.2 to version 2.13.0: + Configure moditect plugin with '<jvmVersion>11</jvmVersion>' + jackson-bom manages the version of 'junit:junit' + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes) + Removed "jakarta" classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers) + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2) + Add (beta) version for 'jackson-dataformat-toml' + Jakarta 9 artifact versions are missing from jackson-bom + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata) + Add default settings for 'build-helper-maven-plugin' + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later) + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+ + Add missing version for jackson-datatype-eclipse-collections jackson-core - update from version 2.10.2 to version 2.13.0: + Build with source and target levels 8 + Misleading exception for input source when processing byte buffer with start offset + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()' + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException' + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in 'JsonParser' + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()' + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in 'JsonParser'/'JsonGenerator + Introduce O(n^1.5) BigDecimal parser implementation + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null + UTF32Reader ArrayIndexOutOfBoundsException + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset + Fix an issue with the TokenFilter unable to ignore properties when deserializing. + Optimize array allocation by 'JsonStringEncoder' + Add 'mvnw' wrapper + (partial) Optimize array allocation by 'JsonStringEncoder' + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' (like 'getJsonStringEncoder()') + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)' + Allow "optional-padding" for 'Base64Variant' + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion') + Publish Gradle Module Metadata + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.isExpectedNumberIntToken()' convenience method + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering + Limit initial allocated block size by 'ByteArrayBuilder' to max block size + Add 'JacksonException' as parent class of 'JsonProcessingException' + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead) + Full "LICENSE" included in jar for easier access by compliancy tools + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator' + Add a String Array write method in the Streaming API + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber' + Add JsonGenerator#writeNumber(char[], int, int) method + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + Optionally allow leading decimal in float tokens + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens + Handle case when system property access is restricted + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)' + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads jackson-databind - update from version 2.10.5.1 to version 2.13.0: + '@JsonValue' with integer for enum does not deserialize correctly + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message + Add 'DatabindException' as intermediate subtype of 'JsonMappingException' + Jackson does not support deserializing new Java 9 unmodifiable collections + Allocate TokenBuffer instance via context objects (to allow format-specific buffer types) + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper' + Add 'DeserializationContext.readTreeAsValue()' methods for more convenient conversions for deserializers to use + Clean up support of typed "unmodifiable", "singleton" Maps/Sets/Collections + Extend internal bitfield of 'MapperFeature' to be 'long' + Add 'removeMixIn()' method in 'MapperBuilder' + Backport 'MapperBuilder' lambda-taking methods: 'withConfigOverride()', 'withCoercionConfig()', 'withCoercionConfigDefaults()' + configOverrides(boolean.class) silently ignored, whereas .configOverride(Boolean.class) works for both primitives and boxed boolean values + Dont track unknown props in buffer if 'ignoreAllUnknown' is true + Should allow deserialization of java.time types via opaque 'JsonToken.VALUE_EMBEDDED_OBJECT' + Optimize "AnnotatedConstructor.call()" case by passing explicit null + Add AnnotationIntrospector.XmlExtensions interface for decoupling javax dependencies + Custom SimpleModule not included in list returned by ObjectMapper.getRegisteredModuleIds() after registration + Use more limiting default visibility settings for JDK types (java.*, javax.*) + Deep merge for 'JsonNode' using 'ObjectReader.readTree()' + IllegalArgumentException: Conflicting setter definitions for property with more than 2 setters + Serializing java.lang.Thread fails on JDK 11 and above + String-based 'Map' key deserializer is not deterministic when there is no single arg constructor + Add ArrayNode#set(int index, primitive_type value) + JsonStreamContext "currentValue" wrongly references to '@JsonTypeInfo' annotated object + DOM 'Node' serialization omits the default namespace declaration + Support 'suppressed' property when deserializing 'Throwable' + 'AnnotatedMember.equals()' does not work reliably + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module + For an absent property Jackson injects 'NullNode' instead of 'null' to a JsonNode-typed constructor argument of a '@ConstructorProperties'-annotated constructor + 'XMLGregorianCalendar' doesn't work with default typing + Content 'null' handling not working for root values + StdDeserializer rejects blank (all-whitespace) strings for ints + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with 'DefaultTypeResolverBuilder' + Add PropertyNamingStrategies.UpperSnakeCaseStrategy (and UPPER_SNAKE_CASE constant) + StackOverflowError when serializing JsonProcessingException + Support for BCP 47 'java.util.Locale' serialization/deserialization + String property deserializes null as "null" for JsonTypeInfo.As.EXISTING_PROPERTY + Can not deserialize json to enum value with Object-/Array-valued input, '@JsonCreator' + Fix to avoid problem with 'BigDecimalNode', scale of 'Integer.MIN_VALUE' + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover coercion from (Empty) String via 'AsNull' + Add 'mvnw' wrapper + (regression) Factory method generic type resolution does not use Class-bound type parameter + Deserialization of "empty" subtype with DEDUCTION failed + Merge findInjectableValues() results in AnnotationIntrospectorPair + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't work with empty strings + 'TypeFactory' cannot convert 'Collection' sub-type without type parameters to canonical form and back + Fix for [modules-java8#207]: prevent fail on secondary Java 8 date/time types + EXTERNAL_PROPERTY does not work well with '@JsonCreator' and 'FAIL_ON_UNKNOWN_PROPERTIES' + String property deserializes null as "null" for 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Property ignorals cause 'BeanDeserializer 'to forget how to read from arrays (not copying '_arrayDelegateDeserializer') + UntypedObjectDeserializer' mixes multiple unwrapped collections (related to #2733) + Two cases of incorrect error reporting about DeserializationFeature + Bug in polymorphic deserialization with '@JsonCreator', '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY' + Polymorphic subtype deduction ignores 'defaultImpl' attribute + MismatchedInputException: Cannot deserialize instance of 'com.fasterxml.jackson.databind.node.ObjectNode' out of VALUE_NULL token + Missing override for 'hasAsKey()' in 'AnnotationIntrospectorPair' + Creator lookup fails with 'InvalidDefinitionException' for conflict between single-double/single-Double arg constructor + 'MapDeserializer' forcing 'JsonMappingException' wrapping even if WRAP_EXCEPTIONS set to false + Auto-detection of constructor-based creator method skipped if there is an annotated factory-based creator method (regression from 2.11) + 'ObjectMapper.treeToValue()' no longer invokes 'JsonDeserializer.getNullValue()' + DeserializationProblemHandler is not invoked when trying to deserialize String + Fix failing 'double' JsonCreators in jackson 2.12.0 + Conflicting in POJOPropertiesCollector when having namingStrategy + Breaking API change in 'BasicClassIntrospector' (2.12.0) + 'JsonNode.requiredAt()' does NOT fail on some path expressions + Exception thrown when 'Collections.synchronizedList()' is serialized with type info, deserialized + Add option to resolve type from multiple existing properties, '@JsonTypeInfo(use=DEDUCTION)' + '@JsonIgnoreProperties' does not prevent Exception Conflicting getter/setter definitions for property + Deserialization Not Working Right with Generic Types and Builders + Add '@JsonIncludeProperties(propertyNames)' (reverse of '@JsonIgnoreProperties') + '@JsonAnyGetter' should be allowed on a field + Allow handling of single-arg constructor as property based by default + Allow case insensitive deserialization of String value into 'boolean'/'Boolean' (esp for Excel) + Allow use of '@JsonFormat(with=JsonFormat.Feature .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class + Abstract class included as part of known type ids for error message when using JsonSubTypes + Distinguish null from empty string for UUID deserialization + 'ReferenceType' does not expose valid containedType + Add 'CoercionConfig[s]' mechanism for configuring allowed coercions + 'JsonProperty.Access.READ_ONLY' does not work with "getter-as-setter" 'Collection's + Support 'BigInteger' and 'BigDecimal' creators in 'StdValueInstantiator' + 'JsonProperty.Access.READ_ONLY' fails with collections when a property name is specified + 'BigDecimal' precision not retained for polymorphic deserialization + Support use of 'Void' valued properties ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES') + Explicitly fail (de)serialization of 'java.time.*' types in absence of registered custom (de)serializers + Improve description included in by 'DeserializationContext.handleUnexpectedToken()' + Support for JDK 14 record types ('java.lang.Record') + 'PropertyNamingStrategy' class initialization depends on its subclass, this can lead to class loading deadlock + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on 'READONLY' properties with an explicit name + Add Gradle Module Metadata for version alignment with Gradle 6 + Allow 'JsonNode' auto-convert into 'ArrayNode' if duplicates found (for XML) + Allow values of "untyped" auto-convert into 'List' if duplicates found (for XML) + Add 'ValueInstantiator.createContextual(...) + Support multiple names in 'JsonSubType.Type' + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic deserialization of Enums + Explicitly fail (de)serialization of 'org.joda.time.*' types in absence of registered custom (de)serializers + Trailing zeros are stripped when deserializing BigDecimal values inside a @JsonUnwrapped property + Extract getter/setter/field name mangling from 'BeanUtil' into pluggable 'AccessorNamingStrategy' + Throw 'InvalidFormatException' instead of 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion failures + Add '@JsonKey' annotation (similar to '@JsonValue') for customizable serialization of Map keys + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should work for enum as keys + Add support for disabling special handling of "Creator properties" wrt alphabetic property ordering + Add 'JsonNode.canConvertToExactIntegral()' to indicate whether floating-point/BigDecimal values could be converted to integers losslessly + Improve static factory method generic type resolution logic + Allow preventing "Enum from integer" coercion using new 'CoercionConfig' system + '@JsonValue' not considered when evaluating inclusion + Make some java platform modules optional + Add support for serializing 'java.sql.Blob' + 'AnnotatedCreatorCollector' should avoid processing synthetic static (factory) methods + Add errorprone static analysis profile to detect bugs at build time + Problem with implicit creator name detection for constructor detection + Add 'BeanDeserializerBase.isCaseInsensitive()' + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues + Full "LICENSE" included in jar for easier access by compliancy tools + Fix type resolution for static methods (regression in 2.11.3) + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', 'PropertyGenerator' + Add debug improvements about 'ClassUtil.getClassMethods()' + Cannot detect creator arguments of mixins for JDK types + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer') + Json serialization fails or a specific case that contains generics and static methods with generic parameters (2.11.1 -> 2.11.2 regression) + 'ObjectMapper.activateDefaultTypingAsProperty()' is not using parameter 'PolymorphicTypeValidator' + Problem deserialization "raw generic" fields (like 'Map') in 2.11.2 + Fix issues with 'MapLikeType.isTrueMapType()', 'CollectionLikeType.isTrueCollectionType()' + Parser/Generator features not set when using 'ObjectMapper.createParser()', 'createGenerator()' + Polymorphic subtypes not registering on copied ObjectMapper (2.11.1) + Failure to read AnnotatedField value in Jackson 2.11 + 'TypeFactory.constructType()' does not take 'TypeBindings' correctly + Builder Deserialization with JsonCreator Value vs Array + JsonCreator on static method in Enum and Enum used as key in map fails randomly + 'StdSubtypeResolver' is not thread safe (possibly due to copy not being made with 'ObjectMapper.copy()') + "Conflicting setter definitions for property" exception for 'Map' subtype during deserialization + Fail to deserialize local Records + Rearranging of props when property-based generator is in use leads to incorrect output + Jackson doesn't respect 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer properties + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' don't support 'Map' type field + JsonParser from MismatchedInputException cannot getText() for floating-point value + i-I case conversion problem in Turkish locale with case-insensitive deserialization + '@JsonInject' fails on trying to find deserializer even if inject-only + Polymorphic deserialization should handle case-insensitive Type Id property name if 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled + TreeTraversingParser and UTF8StreamJsonParser create contexts differently + Support use of '@JsonAlias' for enum values + 'declaringClass' of "enum-as-POJO" not removed for 'ObjectMapper' with a naming strategy + Fix 'JavaType.isEnumType()' to support sub-classes + BeanDeserializerBuilder Protected Factory Method for Extension + Support '@JsonSerialize(keyUsing)' and '@JsonDeserialize(keyUsing)' on Key class + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL' + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't allow registering same POJO for two different type ids + 'DeserializationContext.handleMissingInstantiator()' throws 'MismatchedInputException' for non-static inner classes + Incorrect 'JsonStreamContext' for 'TokenBuffer' and 'TreeTraversingParser' + Add 'AnnotationIntrospector.findRenameByField()' to support Kotlin's "is-getter" naming convention + Use '@JsonProperty(index)' for sorting properties on serialization + Java 8 'Optional' not working with '@JsonUnwrapped' on unwrappable type + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES' to allow blocking use of unsafe base type for polymorphic deserialization + 'ObjectMapper.setSerializationInclusion()' is ignored for 'JsonAnyGetter' + 'ValueInstantiationException' when deserializing using a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS' + JsonIgnoreProperties(ignoreUnknown = true) does not work on field and method level + Failure to resolve generic type parameters on serialization + JsonParser cannot getText() for input stream on MismatchedInputException + ObjectReader readValue lacks Class<T> argument + Change default textual serialization of 'java.util.Date'/'Calendar' to include colon in timezone offset + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods + Allow serialization of 'Properties' with non-String values + Add new factory method for creating custom 'EnumValues' to pass to 'EnumDeserializer + 'IllegalArgumentException' thrown for mismatched subclass deserialization + Add convenience methods for creating 'List', 'Map' valued 'ObjectReader's (ObjectMapper.readerForListOf()) + 'SerializerProvider.findContentValueSerializer()' methods jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0: + (cbor) Should validate UTF-8 multi-byte validity for short decode path too + (ion) Deprecate 'CloseSafeUTF8Writer', remove use + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES' + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of broken Unicode surrogate pairs on writing + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule' for native ser/deser + Support base64 strings in 'getBinaryValue()' for CBOR and Smile + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (avro) Generate logicalType switch + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name + (ion) 'jackson-dataformat-ion' does not handle null.struct deserialization correctly + 'Ion-java' dep 1.4.0 -> 1.8.0 + Minor change to Ion module registration names (fully-qualified) + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer) + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer) + (smile) Uncaught validation problem wrt Smile "BigDecimal" type + (smile) ArrayIndexOutOfBoundsException for malformed Smile header + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE + (smile) Allocate byte[] lazily for longer Smile binary data payloads + (cbor) CBORParser need to validate zero-length byte[] for BigInteger + (smile) Handle invalid chunked-binary-format length gracefully + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded) + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue() + (smile) Handle sequence of Smile header markers without recursion + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary) + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids when upgrading from 2.8 + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array) + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer' + (ion) Add support for generating IonSexps + (ion) Add support for deserializing IonTimestamps and IonBlobs + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' / '.builderforTextualWriters()' convenience methods + (ion) Enabling pretty-printing fails Ion serialization + (ion) Allow disabling native type ids in IonMapper + (smile) Small bug in byte-alignment for long field names in Smile, symbol table reuse + (ion) Add 'IonFactory.getIonSystem()' accessor + (ion) Optimize 'IonParser.getNumberType()' using 'IonReader.getIntegerSize()' + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING' for lenient handling of Unicode surrogate pairs on writing + (cbor) Add support for decoding unassigned "simple values" (type 7) + Add Gradle Module Metadata (https://blog.gradle.org/alignment-with-gradle-module-metadata) + (avro) Cache record names to avoid hitting class loader + (avro) Avro null deserialization + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to support binary writes, fix 'java.util.UUID' representation + (ion) Allow 'IonObjectMapper' with class name annotation introspector to deserialize generic subtypes + Remove dependencies upon Jackson 1.X and Avro's JacksonUtils + 'jackson-databind' should not be full dependency for (cbor, protobuf, smile) modules + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not write most compact form for all integers + 'AvroGenerator' overrides 'getOutputContext()' properly + (ion) Add 'IonFactory.getIonSystem()' accessor + (avro) Fix schema evolution involving maps of non-scalar + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily + ion-java dependency 1.4.0 -> 1.5.1 jackson-annotations-2.13.0-150200.3.6.1.noarch.rpm jackson-annotations-2.13.0-150200.3.6.1.src.rpm jackson-core-2.13.0-150200.3.6.1.noarch.rpm jackson-core-2.13.0-150200.3.6.1.src.rpm jackson-databind-2.13.0-150200.3.9.1.noarch.rpm jackson-databind-2.13.0-150200.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1655 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) pam-1.3.0-150000.6.58.3.src.rpm pam-1.3.0-150000.6.58.3.x86_64.rpm pam-devel-1.3.0-150000.6.58.3.x86_64.rpm pam-doc-1.3.0-150000.6.58.3.noarch.rpm pam-extra-1.3.0-150000.6.58.3.x86_64.rpm pam-32bit-1.3.0-150000.6.58.3.x86_64.rpm pam-extra-32bit-1.3.0-150000.6.58.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1656 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for llvm7 fixes the following issues: - Backport fixes and changes from Factory. (bsc#1197775) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package. - Fix build with linux-glibc-devel 5.13. clang7-7.0.1-150100.3.22.2.x86_64.rpm clang7-devel-7.0.1-150100.3.22.2.x86_64.rpm libLLVM7-32bit-7.0.1-150100.3.22.2.x86_64.rpm libLLVM7-7.0.1-150100.3.22.2.x86_64.rpm libLTO7-7.0.1-150100.3.22.2.x86_64.rpm libclang7-7.0.1-150100.3.22.2.x86_64.rpm libomp7-devel-7.0.1-150100.3.22.2.x86_64.rpm llvm7-7.0.1-150100.3.22.2.src.rpm llvm7-7.0.1-150100.3.22.2.x86_64.rpm llvm7-LTO-devel-7.0.1-150100.3.22.2.x86_64.rpm llvm7-devel-7.0.1-150100.3.22.2.x86_64.rpm llvm7-gold-7.0.1-150100.3.22.2.x86_64.rpm llvm7-polly-7.0.1-150100.3.22.2.x86_64.rpm llvm7-polly-devel-7.0.1-150100.3.22.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1864 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for leveldb fixes the following issue: - fix tests (bsc#1197742) leveldb-1.18-150000.3.3.1.src.rpm libleveldb1-1.18-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1820 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rzsz fixes the following issue: - Fix build with the latest gettext (bsc#1197852) rzsz-0.12.21~rc-150000.3.3.2.src.rpm rzsz-0.12.21~rc-150000.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1865 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xiterm fixes the following issues: - Remove use of obsolete XSI STREAMS interface. (bsc#1197864) fbiterm-0.5.20040304-150000.5.6.1.x86_64.rpm libiterm1-0.5.20040304-150000.5.6.1.x86_64.rpm xiterm-0.5.20040304-150000.5.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1660 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) publicsuffix-20220405-150000.3.9.1.noarch.rpm publicsuffix-20220405-150000.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1867 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for v4l-utils fixes the following issues: - fix build (bsc#1197861) libv4l-1.14.1-150000.3.3.1.x86_64.rpm libv4l1-0-1.14.1-150000.3.3.1.x86_64.rpm libv4l2-0-1.14.1-150000.3.3.1.x86_64.rpm libv4lconvert0-1.14.1-150000.3.3.1.x86_64.rpm v4l-utils-1.14.1-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1659 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - CUPS printservice takes much longer than before with a big number of printers (bsc#1189517) - CUPS PreserveJobHistory doesn't work with seconds (bsc#1195115) cups-2.2.7-150000.3.29.1.src.rpm cups-2.2.7-150000.3.29.1.x86_64.rpm cups-client-2.2.7-150000.3.29.1.x86_64.rpm cups-config-2.2.7-150000.3.29.1.x86_64.rpm cups-devel-2.2.7-150000.3.29.1.x86_64.rpm libcups2-2.2.7-150000.3.29.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.29.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.29.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.29.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.29.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2552 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) libxml2-2-2.9.14-150400.5.7.1.x86_64.rpm libxml2-2.9.14-150400.5.7.1.src.rpm libxml2-devel-2.9.14-150400.5.7.1.x86_64.rpm libxml2-python-2.9.14-150400.5.7.1.src.rpm libxml2-tools-2.9.14-150400.5.7.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.7.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2378 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). cifs-utils-6.15-150400.3.6.1.src.rpm cifs-utils-6.15-150400.3.6.1.x86_64.rpm cifs-utils-devel-6.15-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2307 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS support removal; (bsc#1199247); - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour "old password allowed period"; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016); - Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995); - Add missing samba-libs requirement to samba-winbind package; (bsc#1198255); Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967); Other SUSE fixes: - Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files. - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338). - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308). - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947). - libldb version mismatch in Samba dsdb component; (bsc#1118508); ldb-2.4.2-150400.4.3.11.src.rpm ldb-tools-2.4.2-150400.4.3.11.x86_64.rpm libldb-devel-2.4.2-150400.4.3.11.x86_64.rpm libldb2-2.4.2-150400.4.3.11.x86_64.rpm libsamba-policy-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm libsamba-policy-python3-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm libsamba-policy0-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm python3-ldb-2.4.2-150400.4.3.11.x86_64.rpm python3-ldb-devel-2.4.2-150400.4.3.11.x86_64.rpm samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.src.rpm samba-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-ad-dc-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-ceph-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-client-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-client-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-devel-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-dsdb-modules-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-gpupdate-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-ldb-ldap-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-libs-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-python3-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-winbind-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-winbind-libs-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm libldb2-32bit-2.4.2-150400.4.3.11.x86_64.rpm samba-client-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm samba-libs-32bit-4.15.7+git.376.dd43aca9ab2-150400.3.5.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2358 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) augeas-1.12.0-150400.3.3.6.src.rpm augeas-1.12.0-150400.3.3.6.x86_64.rpm augeas-devel-1.12.0-150400.3.3.6.x86_64.rpm augeas-lenses-1.12.0-150400.3.3.6.x86_64.rpm libaugeas0-1.12.0-150400.3.3.6.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2016 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vulkan fixes the following issue: - Disable RPATH to make the inherited package run on SLE-15-SP4. (bsc#1197862) vulkan-1.0.65.0-150000.5.3.1.src.rpm vulkan-1.0.65.0-150000.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1843 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) suse-build-key-12.0-150000.8.25.1.noarch.rpm suse-build-key-12.0-150000.8.25.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2017 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for icewm fixes the following issues: - A later glib2 update will cause icewm fail to build. (bsc#1197729) icewm-1.4.2-150000.7.15.1.src.rpm icewm-1.4.2-150000.7.15.1.x86_64.rpm icewm-default-1.4.2-150000.7.15.1.x86_64.rpm icewm-lang-1.4.2-150000.7.15.1.noarch.rpm icewm-lite-1.4.2-150000.7.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1658 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) libpsl-0.20.1-150000.3.3.1.src.rpm libpsl-devel-0.20.1-150000.3.3.1.x86_64.rpm libpsl5-0.20.1-150000.3.3.1.x86_64.rpm libpsl5-32bit-0.20.1-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1709 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 libcbor-0.5.0-150100.4.6.1.src.rpm libcbor0-0.5.0-150100.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1828 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for oath-toolkit fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790) liboath-devel-2.6.2-150000.3.3.1.x86_64.rpm liboath0-2.6.2-150000.3.3.1.x86_64.rpm oath-toolkit-2.6.2-150000.3.3.1.src.rpm oath-toolkit-xml-2.6.2-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1595 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnss_nis fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197768) libnss_nis-3.0-150000.3.3.1.src.rpm libnss_nis2-3.0-150000.3.3.1.x86_64.rpm libnss_nis2-32bit-3.0-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2093 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - Update to 12.0.0 (build 19345655) (bsc#1196803) - Update open-vm-tools 12.0.0. (jsc#SLE-24097) - Support for managing Salt Minion through guest variables. A new open-vm-tools-salt-minion rpm is added to handle this support. - New ComponentMgr plugin to manage (add, remove, monitor) components on the guest VM. - Patch to fix potential Fail to Build from Source. (bsc#1196804) - Build vmhgfs with either libfuse2 or libfuse3. libvmtools-devel-12.0.0-150300.16.1.x86_64.rpm libvmtools0-12.0.0-150300.16.1.x86_64.rpm open-vm-tools-12.0.0-150300.16.1.src.rpm open-vm-tools-12.0.0-150300.16.1.x86_64.rpm open-vm-tools-sdmp-12.0.0-150300.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1850 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-XML-LibXML fixes the following issues: - Allow compile against latest version available of libxml in SP4 so perl-XML-LibXSLT compiles cleanly. (bsc#1197798) This update has no customer visible change. perl-XML-LibXML-2.0132-150000.3.3.1.src.rpm perl-XML-LibXML-2.0132-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2014 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.61 (jsc#ECO-3319): - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 - Introduce OL9 product - Implement handling of logical expressions in platform definitions Please note that SUSE supports only the DISA STIG, HIPAA and PCI-DSS profiles for SUSE Linux Enterprise Server 12 and 15. scap-security-guide-0.1.61-150000.1.32.1.noarch.rpm scap-security-guide-0.1.61-150000.1.32.1.src.rpm scap-security-guide-debian-0.1.61-150000.1.32.1.noarch.rpm scap-security-guide-redhat-0.1.61-150000.1.32.1.noarch.rpm scap-security-guide-ubuntu-0.1.61-150000.1.32.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1718 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) e2fsprogs-1.46.4-150400.3.3.1.src.rpm e2fsprogs-1.46.4-150400.3.3.1.x86_64.rpm e2fsprogs-devel-1.46.4-150400.3.3.1.x86_64.rpm libcom_err-devel-1.46.4-150400.3.3.1.x86_64.rpm libcom_err-devel-static-1.46.4-150400.3.3.1.x86_64.rpm libcom_err2-1.46.4-150400.3.3.1.x86_64.rpm libcom_err2-32bit-1.46.4-150400.3.3.1.x86_64.rpm libext2fs-devel-1.46.4-150400.3.3.1.x86_64.rpm libext2fs-devel-static-1.46.4-150400.3.3.1.x86_64.rpm libext2fs2-1.46.4-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1703 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) hwdata-0.358-150000.3.45.1.noarch.rpm hwdata-0.358-150000.3.45.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2019 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h gcc11-11.3.0+git1637-150000.1.9.1.src.rpm libada11-11.3.0+git1637-150000.1.9.1.x86_64.rpm libada11-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libasan6-11.3.0+git1637-150000.1.9.1.x86_64.rpm libasan6-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libatomic1-11.3.0+git1637-150000.1.9.1.x86_64.rpm libatomic1-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgcc_s1-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgcc_s1-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgfortran5-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgfortran5-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgo19-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgo19-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgomp1-11.3.0+git1637-150000.1.9.1.x86_64.rpm libgomp1-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libitm1-11.3.0+git1637-150000.1.9.1.x86_64.rpm libitm1-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm liblsan0-11.3.0+git1637-150000.1.9.1.x86_64.rpm libobjc4-11.3.0+git1637-150000.1.9.1.x86_64.rpm libobjc4-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libquadmath0-11.3.0+git1637-150000.1.9.1.x86_64.rpm libquadmath0-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-locale-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.9.1.x86_64.rpm libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm libtsan0-11.3.0+git1637-150000.1.9.1.x86_64.rpm libubsan1-11.3.0+git1637-150000.1.9.1.x86_64.rpm libubsan1-32bit-11.3.0+git1637-150000.1.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1899 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) libtirpc-1.2.6-150300.3.6.1.src.rpm libtirpc-devel-1.2.6-150300.3.6.1.x86_64.rpm libtirpc-netconfig-1.2.6-150300.3.6.1.x86_64.rpm libtirpc3-1.2.6-150300.3.6.1.x86_64.rpm libtirpc3-32bit-1.2.6-150300.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1617 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) gzip-1.10-150200.10.1.src.rpm gzip-1.10-150200.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2119 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issue: - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Fixes for Python 3.10 * Use the same logic in `_compat.py` and `entrypoints.py` to load the same `importlib.metadata.` python3-salt-3004-150400.8.5.2.x86_64.rpm True salt-3004-150400.8.5.2.src.rpm True salt-3004-150400.8.5.2.x86_64.rpm True salt-bash-completion-3004-150400.8.5.2.noarch.rpm True salt-doc-3004-150400.8.5.2.x86_64.rpm True salt-minion-3004-150400.8.5.2.x86_64.rpm True salt-zsh-completion-3004-150400.8.5.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-1670 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). libldap-2_4-2-2.4.46-150200.14.8.1.x86_64.rpm libldap-data-2.4.46-150200.14.8.1.noarch.rpm openldap2-2.4.46-150200.14.8.1.src.rpm openldap2-client-2.4.46-150200.14.8.1.x86_64.rpm openldap2-devel-2.4.46-150200.14.8.1.x86_64.rpm openldap2-devel-static-2.4.46-150200.14.8.1.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150200.14.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1909 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). glibc-2.31-150300.26.5.src.rpm glibc-2.31-150300.26.5.x86_64.rpm glibc-devel-2.31-150300.26.5.x86_64.rpm glibc-extra-2.31-150300.26.5.x86_64.rpm glibc-i18ndata-2.31-150300.26.5.noarch.rpm glibc-info-2.31-150300.26.5.noarch.rpm glibc-lang-2.31-150300.26.5.noarch.rpm glibc-locale-2.31-150300.26.5.x86_64.rpm glibc-locale-base-2.31-150300.26.5.x86_64.rpm glibc-locale-base-32bit-2.31-150300.26.5.x86_64.rpm glibc-profile-2.31-150300.26.5.x86_64.rpm nscd-2.31-150300.26.5.x86_64.rpm glibc-32bit-2.31-150300.26.5.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1882 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074). - CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631). - CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068). libtiff-devel-4.0.9-150000.45.8.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.8.1.x86_64.rpm libtiff5-4.0.9-150000.45.8.1.x86_64.rpm tiff-4.0.9-150000.45.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2049 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) binutils-2.37-150100.7.34.1.src.rpm binutils-2.37-150100.7.34.1.x86_64.rpm binutils-devel-2.37-150100.7.34.1.x86_64.rpm libctf-nobfd0-2.37-150100.7.34.1.x86_64.rpm libctf0-2.37-150100.7.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1644 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244). - CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245). - CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274). clamav-0.103.6-150000.3.38.1.src.rpm clamav-0.103.6-150000.3.38.1.x86_64.rpm clamav-devel-0.103.6-150000.3.38.1.x86_64.rpm libclamav9-0.103.6-150000.3.38.1.x86_64.rpm libfreshclam2-0.103.6-150000.3.38.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1919 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed denial of service vulnerability caused by insecure defaults in user-accessible mount helpers (bsc#1190606). libudisks2-0-2.9.2-150400.3.3.1.x86_64.rpm libudisks2-0-devel-2.9.2-150400.3.3.1.x86_64.rpm typelib-1_0-UDisks-2_0-2.9.2-150400.3.3.1.x86_64.rpm udisks2-2.9.2-150400.3.3.1.src.rpm udisks2-2.9.2-150400.3.3.1.x86_64.rpm udisks2-lang-2.9.2-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2118 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils supportutils-plugin-salt-1.2.0-150000.3.6.1.noarch.rpm supportutils-plugin-salt-1.2.0-150000.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1824 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dhcp fixes the following issues: - Properly handle DHCRELAY(6)_OPTIONS (bsc#1198657) dhcp-4.3.6.P1-150000.6.14.1.src.rpm dhcp-4.3.6.P1-150000.6.14.1.x86_64.rpm dhcp-client-4.3.6.P1-150000.6.14.1.x86_64.rpm dhcp-devel-4.3.6.P1-150000.6.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1871 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nftables fixes the following issues: - Fix rare crashes that could occur e.g. in firewalld (bsc#1197606) libnftables1-0.9.8-150300.3.3.1.x86_64.rpm nftables-0.9.8-150300.3.3.1.src.rpm nftables-0.9.8-150300.3.3.1.x86_64.rpm python3-nftables-0.9.8-150300.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1915 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for autoyast2 fixes the following issues: - Fix detection disk serial and size in the "disks" ERB helper (bsc#1199000) - Fix rules validation when using a dialog (bsc#1199165) autoyast2-4.4.37-150400.3.3.1.noarch.rpm autoyast2-4.4.37-150400.3.3.1.src.rpm autoyast2-installation-4.4.37-150400.3.3.1.noarch.rpm yast2-schema-default-4.4.12-150400.3.3.1.src.rpm yast2-schema-default-4.4.12-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2140 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062 * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 * Bug fixes Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067 - Capture permission denied error for "energy_uj" file (bsc#1190535) golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1.src.rpm golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1930 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init (bsc#1197634). - CVE-2021-36976: Fixed use-after-free in copy_string (called from do_uncompress_block and process_block) (bsc#1188572). - CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service (bsc#1197634, bsc#1189528). libarchive-3.5.1-150400.3.3.1.src.rpm libarchive-devel-3.5.1-150400.3.3.1.x86_64.rpm libarchive13-3.5.1-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2112 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - FIPS: Make sure zeroization is performed in all API functions [bsc#1191021] - FIPS: Add missing requirements for the SLI [bsc#1190698] * Remove 3DES from FIPS approved algorithms: * DRBG service (gnutls_rnd) should be considered approved: - FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907] gnutls-3.7.3-150400.4.3.6.src.rpm gnutls-3.7.3-150400.4.3.6.x86_64.rpm libgnutls-devel-3.7.3-150400.4.3.6.x86_64.rpm libgnutls30-3.7.3-150400.4.3.6.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.3.6.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.3.6.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.3.6.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.3.6.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.3.6.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4139 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libpfm fixes the following issues: - Remove python2 support. (bsc#1196709, bsc#1197770) libpfm-4.11.0-150400.5.3.1.src.rpm libpfm-devel-4.11.0-150400.5.3.1.x86_64.rpm libpfm4-4.11.0-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2737 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gedit fixes the following issues: - Add necessary dependency to resolve schema "is not installed" error after install in WSL (bsc#1198312) gedit-40.1-150400.4.3.1.src.rpm python3-gedit-40.1-150400.4.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2975 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for osinfo-db fixes the following issues: - Add support for SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197958) - Add support for SUSE Linux Enterprise Micro 5.2 - Fix openSUSE Tumbleweed unattended installation with libvirt failing (bsc#1196965) - Update to database version 20220214 osinfo-db-20220214-150400.3.3.1.noarch.rpm osinfo-db-20220214-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2625 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) dracut-055+suse.279.g3b3c36b2-150400.3.5.1.src.rpm dracut-055+suse.279.g3b3c36b2-150400.3.5.1.x86_64.rpm dracut-fips-055+suse.279.g3b3c36b2-150400.3.5.1.x86_64.rpm dracut-ima-055+suse.279.g3b3c36b2-150400.3.5.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1934 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). - By default the --suppress-timestamps flag is not needed (bsc#1123557). openvpn-2.5.6-150400.3.3.1.src.rpm openvpn-2.5.6-150400.3.3.1.x86_64.rpm openvpn-auth-pam-plugin-2.5.6-150400.3.3.1.x86_64.rpm openvpn-devel-2.5.6-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1727 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). ucode-intel-20220510-150200.14.1.src.rpm ucode-intel-20220510-150200.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1925 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041). - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985). Bugfixes: - Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572). - Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106). patch-2.7.6-150000.5.3.1.src.rpm patch-2.7.6-150000.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1908 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within "security restricted operation" sandboxes (bsc#1199475). libpq5-14.3-150200.5.12.2.x86_64.rpm postgresql14-14.3-150200.5.12.1.src.rpm postgresql14-14.3-150200.5.12.2.src.rpm postgresql14-14.3-150200.5.12.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1720 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-rtslib-fb fixes the following issues: - Update parameters description. - Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090) python-rtslib-fb-2.1.74-150300.3.3.1.src.rpm python-rtslib-fb-common-2.1.74-150300.3.3.1.noarch.rpm python3-rtslib-fb-2.1.74-150300.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1898 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147). - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148). - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150). fribidi-1.0.10-150400.3.3.1.src.rpm fribidi-1.0.10-150400.3.3.1.x86_64.rpm fribidi-devel-1.0.10-150400.3.3.1.x86_64.rpm libfribidi0-1.0.10-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1826 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nut fixes the following issues: - Fix package build requirements (bsc#1197789) libupsclient1-2.7.4-150000.6.3.1.x86_64.rpm nut-2.7.4-150000.6.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2831 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs python-apipkg-1.4-150000.3.2.1.src.rpm python-iniconfig-1.1.1-150000.1.3.1.src.rpm python-py-1.10.0-150000.5.9.2.src.rpm python3-apipkg-1.4-150000.3.2.1.noarch.rpm python3-iniconfig-1.1.1-150000.1.3.1.noarch.rpm python3-py-1.10.0-150000.5.9.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2396 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed "logrotate emits unintended warning: keyword size not properly separated, found 0x3d" (bsc#1200278, bsc#1200802). logrotate-3.18.1-150400.3.7.1.src.rpm logrotate-3.18.1-150400.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1861 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474) cups-2.2.7-150000.3.32.1.src.rpm cups-2.2.7-150000.3.32.1.x86_64.rpm cups-client-2.2.7-150000.3.32.1.x86_64.rpm cups-config-2.2.7-150000.3.32.1.x86_64.rpm cups-devel-2.2.7-150000.3.32.1.x86_64.rpm libcups2-2.2.7-150000.3.32.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.32.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.32.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.32.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.32.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2994 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. flac-1.3.2-150000.3.11.1.src.rpm flac-devel-1.3.2-150000.3.11.1.x86_64.rpm lame-3.100-150000.3.2.1.src.rpm libFLAC++6-1.3.2-150000.3.11.1.x86_64.rpm libFLAC8-1.3.2-150000.3.11.1.x86_64.rpm libmp3lame0-3.100-150000.3.2.1.x86_64.rpm libogg-1.3.2-150000.3.2.1.src.rpm libogg-devel-1.3.2-150000.3.2.1.x86_64.rpm libogg0-1.3.2-150000.3.2.1.x86_64.rpm libopus-devel-1.3.1-150000.3.8.1.x86_64.rpm libopus0-1.3.1-150000.3.8.1.x86_64.rpm libsndfile-1.0.28-150000.5.17.1.src.rpm libsndfile-devel-1.0.28-150000.5.17.1.x86_64.rpm libsndfile1-1.0.28-150000.5.17.1.x86_64.rpm libspeex1-1.2-150000.3.5.2.x86_64.rpm libtwolame0-0.3.13-150000.3.2.2.x86_64.rpm libvorbis-1.3.6-150000.4.5.2.src.rpm libvorbis-devel-1.3.6-150000.4.5.2.x86_64.rpm libvorbis0-1.3.6-150000.4.5.2.x86_64.rpm libvorbisenc2-1.3.6-150000.4.5.2.x86_64.rpm libvorbisfile3-1.3.6-150000.4.5.2.x86_64.rpm libxcb-1.13-150000.3.9.1.src.rpm libxcb-composite0-1.13-150000.3.9.1.x86_64.rpm libxcb-damage0-1.13-150000.3.9.1.x86_64.rpm libxcb-devel-1.13-150000.3.9.1.x86_64.rpm libxcb-devel-doc-1.13-150000.3.9.1.noarch.rpm libxcb-dpms0-1.13-150000.3.9.1.x86_64.rpm libxcb-dri2-0-1.13-150000.3.9.1.x86_64.rpm libxcb-dri2-0-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-dri3-0-1.13-150000.3.9.1.x86_64.rpm libxcb-glx0-1.13-150000.3.9.1.x86_64.rpm libxcb-glx0-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-present0-1.13-150000.3.9.1.x86_64.rpm libxcb-present0-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-randr0-1.13-150000.3.9.1.x86_64.rpm libxcb-record0-1.13-150000.3.9.1.x86_64.rpm libxcb-render0-1.13-150000.3.9.1.x86_64.rpm libxcb-res0-1.13-150000.3.9.1.x86_64.rpm libxcb-screensaver0-1.13-150000.3.9.1.x86_64.rpm libxcb-shape0-1.13-150000.3.9.1.x86_64.rpm libxcb-shm0-1.13-150000.3.9.1.x86_64.rpm libxcb-shm0-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-sync1-1.13-150000.3.9.1.x86_64.rpm libxcb-sync1-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-xf86dri0-1.13-150000.3.9.1.x86_64.rpm libxcb-xfixes0-1.13-150000.3.9.1.x86_64.rpm libxcb-xinerama0-1.13-150000.3.9.1.x86_64.rpm libxcb-xinput0-1.13-150000.3.9.1.x86_64.rpm libxcb-xkb1-1.13-150000.3.9.1.x86_64.rpm libxcb-xtest0-1.13-150000.3.9.1.x86_64.rpm libxcb-xv0-1.13-150000.3.9.1.x86_64.rpm libxcb-xvmc0-1.13-150000.3.9.1.x86_64.rpm libxcb1-1.13-150000.3.9.1.x86_64.rpm libxcb1-32bit-1.13-150000.3.9.1.x86_64.rpm opus-1.3.1-150000.3.8.1.src.rpm speex-1.2-150000.3.5.2.src.rpm speex-devel-1.2-150000.3.5.2.x86_64.rpm twolame-0.3.13-150000.3.2.2.src.rpm libxcb-dri3-0-32bit-1.13-150000.3.9.1.x86_64.rpm libxcb-xfixes0-32bit-1.13-150000.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1936 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sssd fixes the following issues: - Update sss_cache command's manpage to clarify its effects on the memory cache. (bsc#1199393) sssd-1.16.1-150300.23.31.1.src.rpm sssd-common-32bit-1.16.1-150300.23.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-1907 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hunspell fixes the following issues: - Add requirement for english dictionary (bsc#1199209) hunspell-1.6.2-150000.3.11.1.src.rpm hunspell-1.6.2-150000.3.11.1.x86_64.rpm hunspell-devel-1.6.2-150000.3.11.1.x86_64.rpm hunspell-tools-1.6.2-150000.3.11.1.x86_64.rpm libhunspell-1_6-0-1.6.2-150000.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4081 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). update-alternatives-1.19.0.4-150000.4.4.1.src.rpm update-alternatives-1.19.0.4-150000.4.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2054 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). u-boot-2021.10-150400.4.5.1.src.rpm u-boot-tools-2021.10-150400.4.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2035 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) grub2-2.06-150400.11.5.2.src.rpm grub2-2.06-150400.11.5.2.x86_64.rpm grub2-i386-pc-2.06-150400.11.5.2.noarch.rpm grub2-snapper-plugin-2.06-150400.11.5.2.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.5.2.noarch.rpm grub2-x86_64-efi-2.06-150400.11.5.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3280 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-storage-ng fixes the following issues: - Partitioner: Allow min chunk size of 4 KiB (page size) for RAID0/RAID10. (bsc#1200018) - Mark properly help text in tmpfs widget for localization. (bsc#1198192) - Fix empty help in some Partitioner dialogs. (bsc#1194274) - Fix fstab entry filesystem matching allowing the use of quotes surrounding the device 'UUID' or label. (bsc#1197692) yast2-storage-ng-4.4.40-150400.3.3.1.src.rpm yast2-storage-ng-4.4.40-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3449 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. (bsc#1198197) perl-Bootloader-0.939-150400.3.3.1.src.rpm perl-Bootloader-0.939-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2713 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver "createNamedConfInclude" in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] bind-9.16.31-150400.5.6.1.src.rpm bind-utils-9.16.31-150400.5.6.1.x86_64.rpm python3-bind-9.16.31-150400.5.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4041 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libuv fixes the following issues: - Remove epoll syscall wrappers. (bsc#1199062) libuv-1.18.0-150400.11.3.1.src.rpm libuv-devel-1.18.0-150400.11.3.1.x86_64.rpm libuv1-1.18.0-150400.11.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2595 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) libfreebl3-3.79-150400.3.7.1.x86_64.rpm libfreebl3-32bit-3.79-150400.3.7.1.x86_64.rpm libfreebl3-hmac-3.79-150400.3.7.1.x86_64.rpm libsoftokn3-3.79-150400.3.7.1.x86_64.rpm libsoftokn3-32bit-3.79-150400.3.7.1.x86_64.rpm libsoftokn3-hmac-3.79-150400.3.7.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-3.79-150400.3.7.1.src.rpm mozilla-nss-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-32bit-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-certs-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-devel-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-sysinit-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-tools-3.79-150400.3.7.1.x86_64.rpm libfreebl3-hmac-32bit-3.79-150400.3.7.1.x86_64.rpm mozilla-nss-certs-32bit-3.79-150400.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2533 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. mozilla-nspr-4.34-150000.3.23.1.src.rpm mozilla-nspr-4.34-150000.3.23.1.x86_64.rpm mozilla-nspr-devel-4.34-150000.3.23.1.x86_64.rpm mozilla-nspr-32bit-4.34-150000.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3501 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for aws-cli, python-boto3, python-botocore fixes the following issues: Update AWS SDK and CLI in SUSE Linux Enterprise 15 (bsc#1199716, jsc#PED-1851) aws-cli: - Update from version 1.20.7 to version 1.24.4 (bsc#1199716, jsc#PED-1851) - For detailed changes see packaged CHANGELOG.rst or https://raw.githubusercontent.com/aws/aws-cli/1.24.4/CHANGELOG.rst - Updated required dependencies python-boto3: - Update from version 1.18.7 to version 1.23.4 (bsc#1199716, jsc#PED-1851) - For detailed changes see https://github.com/boto/boto3/blob/develop/CHANGELOG.rst#1234 - Updated required dependencies python-botocore: - Update from version 1.21.7 to version 1.26.4 (bsc#1199716, jsc#PED-1851) - For detailed changes see https://github.com/boto/botocore/blob/develop/CHANGELOG.rst#1264 - Updated required dependencies python-boto3-1.23.4-150200.23.9.1.src.rpm python-botocore-1.26.4-150200.37.9.1.src.rpm python3-boto3-1.23.4-150200.23.9.1.noarch.rpm python3-botocore-1.26.4-150200.37.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2071 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1.x86_64.rpm libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1.x86_64.rpm webkit2gtk3-soup2-2.36.3-150400.4.3.1.src.rpm webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2296 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) xen-4.16.1_04-150400.4.5.2.src.rpm True xen-libs-4.16.1_04-150400.4.5.2.x86_64.rpm True xen-tools-domU-4.16.1_04-150400.4.5.2.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2260 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712) - CVE-2022-26353: Fixed map leaking on error during receive (bsc#1198711) - CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037) - CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035) qemu-6.2.0-150400.37.5.3.src.rpm qemu-tools-6.2.0-150400.37.5.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2308 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). libopenssl-1_1-devel-1.1.1l-150400.7.7.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.7.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.7.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.7.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.7.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.7.1.src.rpm openssl-1_1-1.1.1l-150400.7.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2711 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Reduce log noise and export error codes (bsc#1199994 bsc#1199503) - Apply configuration from JSON file (bsc#1199503) - fabrics: Already connected uses a different error code (bsc#1199994) - fabrics: skip connect if the transport types don't match (bsc#1199994) - nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990) - fabrics: Honor config file for connect-all (bsc#1199504) libnvme-1.0-150400.3.3.4.src.rpm libnvme-devel-1.0-150400.3.3.4.x86_64.rpm libnvme1-1.0-150400.3.3.4.x86_64.rpm nvme-cli-2.0-150400.3.3.3.src.rpm nvme-cli-2.0-150400.3.3.3.x86_64.rpm nvme-cli-bash-completion-2.0-150400.3.3.3.x86_64.rpm nvme-cli-zsh-completion-2.0-150400.3.3.3.x86_64.rpm python3-libnvme-1.0-150400.3.3.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2633 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. mokutil-0.5.0-150400.3.3.1.src.rpm mokutil-0.5.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2520 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to "intel,socfpga-qspi" (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13" (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when "audit=1" on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported "bus-frequency" (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable "count" signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit "Unhandled message" warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: Fix kABI after "x86/mm/cpa: Generalize __set_memory_enc_pgtable()" (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: add exception for bcache symboles - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct "nr_active_uret_msrs" field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize "flags" in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix "VFE halt timeout" error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use "maxim,gpio-poc" property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking "struct smc_pnettable" (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix "unsigned 'retval' is never less than zero" smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix "defined but not used" warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (git-fixes). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (git-fixes). - Revert "svm: Add warning message for AVIC IPI invalid target" (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in "bpftool prog profile" doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old "cpu" value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). kernel-default-5.14.21-150400.24.11.1.nosrc.rpm True kernel-default-5.14.21-150400.24.11.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6.src.rpm True kernel-default-base-5.14.21-150400.24.11.1.150400.24.3.6.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.11.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.11.1.noarch.rpm True kernel-macros-5.14.21-150400.24.11.1.noarch.rpm True kernel-source-5.14.21-150400.24.11.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2546 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) dirmngr-2.2.27-150300.3.5.1.x86_64.rpm gpg2-2.2.27-150300.3.5.1.src.rpm gpg2-2.2.27-150300.3.5.1.x86_64.rpm gpg2-lang-2.2.27-150300.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3555 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) aaa_base-84.87+git20180409.04c9dae-150300.10.3.1.src.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.3.1.x86_64.rpm aaa_base-extras-84.87+git20180409.04c9dae-150300.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2323 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) systemd-presets-branding-SLE-15.1-150100.20.11.1.noarch.rpm systemd-presets-branding-SLE-15.1-150100.20.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3214 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wpa_supplicant fixes the following issues: - Enable WPA3-Enterprise (SuiteB-192) support. (jsc#SLE-14992) wpa_supplicant-2.9-150000.4.36.1.src.rpm wpa_supplicant-2.9-150000.4.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2357 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). libpython3_6m1_0-3.6.15-150300.10.27.1.x86_64.rpm python3-3.6.15-150300.10.27.1.src.rpm python3-3.6.15-150300.10.27.1.x86_64.rpm python3-base-3.6.15-150300.10.27.1.x86_64.rpm python3-core-3.6.15-150300.10.27.1.src.rpm python3-curses-3.6.15-150300.10.27.1.x86_64.rpm python3-dbm-3.6.15-150300.10.27.1.x86_64.rpm python3-devel-3.6.15-150300.10.27.1.x86_64.rpm python3-idle-3.6.15-150300.10.27.1.x86_64.rpm python3-tk-3.6.15-150300.10.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3149 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hplip fixes the following issues: - Fix C compiler flags which results in better device detection. (bsc#1198794) hplip-3.21.10-150400.3.3.1.src.rpm hplip-devel-3.21.10-150400.3.3.1.x86_64.rpm hplip-hpijs-3.21.10-150400.3.3.1.x86_64.rpm hplip-sane-3.21.10-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2299 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-kdump fixes the following issues: - Do not limit to kdumptool MaxLow when using fadump. (jsc#SLE-21644) yast2-kdump-4.4.4-150400.3.3.1.src.rpm yast2-kdump-4.4.4-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2102 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). vim-8.2.5038-150000.5.21.1.src.rpm vim-8.2.5038-150000.5.21.1.x86_64.rpm vim-data-8.2.5038-150000.5.21.1.noarch.rpm vim-data-common-8.2.5038-150000.5.21.1.noarch.rpm vim-small-8.2.5038-150000.5.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2300 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-iscsi fixes the following issues: - Set initiatorname in %post (at end of install), for cases where root is read-only at startup time (bsc#1198457) - Update to latest upstream, including: Added 'distclean' to Makefile targets. Ensure Makefile '.PHONY' targets set up correctly. Fix an iscsid logout bug generating a false error and cleanup logout error messages. Updated/fixed test script. Updated build system. Syntax error in ibft-rule-generator. (bsc#1199264) iscsiuio-0.7.8.6-150400.39.3.1.x86_64.rpm libopeniscsiusr0_2_0-2.1.7-150400.39.3.1.x86_64.rpm open-iscsi-2.1.7-150400.39.3.1.src.rpm open-iscsi-2.1.7-150400.39.3.1.x86_64.rpm open-iscsi-devel-2.1.7-150400.39.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3028 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-pytz fixes the following issues: - update to 2022.1: matches tzdata 2022a - declare python 3.10 compatibility python-pytz-2022.1-150300.3.6.1.src.rpm python3-pytz-2022.1-150300.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2302 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348) apache2-2.4.51-150400.6.3.1.src.rpm apache2-2.4.51-150400.6.3.1.x86_64.rpm apache2-prefork-2.4.51-150400.6.3.1.x86_64.rpm apache2-utils-2.4.51-150400.6.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2399 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: ComplianceAsCode was updated to 0.1.62 (jsc#ECO-3319): - Update rhel8 stig to v1r6 - OL7 STIG v2r7 update - Initial definition of ANSSI BP28 minmal profile for SUSE Linux Enterprise scap-security-guide-0.1.62-150000.1.39.1.noarch.rpm scap-security-guide-0.1.62-150000.1.39.1.src.rpm scap-security-guide-debian-0.1.62-150000.1.39.1.noarch.rpm scap-security-guide-redhat-0.1.62-150000.1.39.1.noarch.rpm scap-security-guide-ubuntu-0.1.62-150000.1.39.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2340 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) fwupdate-12-150100.11.10.1.src.rpm fwupdate-12-150100.11.10.1.x86_64.rpm fwupdate-devel-12-150100.11.10.1.x86_64.rpm fwupdate-efi-12-150100.11.10.1.x86_64.rpm libfwup1-12-150100.11.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2156 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 - Add python3-dnspython and python3-zypp-plugin to unrestricted channels. python-dnspython-1.15.0-150000.3.2.1.src.rpm python3-dnspython-1.15.0-150000.3.2.1.noarch.rpm python3-zypp-plugin-0.6.3-150000.4.2.1.noarch.rpm zypp-plugin-0.6.3-150000.4.2.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2157 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) binutils-2.37-150100.7.37.1.src.rpm binutils-2.37-150100.7.37.1.x86_64.rpm binutils-devel-2.37-150100.7.37.1.x86_64.rpm libctf-nobfd0-2.37-150100.7.37.1.x86_64.rpm libctf0-2.37-150100.7.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3206 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bash-completion fixes the following issues: - Enable upstream commit to list ko.zst modules as well. (bsc#1199724) bash-completion-2.7-150000.4.9.1.noarch.rpm bash-completion-2.7-150000.4.9.1.src.rpm bash-completion-devel-2.7-150000.4.9.1.noarch.rpm bash-completion-doc-2.7-150000.4.9.1.noarch.rpm bash-completion-doc-2.7-150000.4.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2364 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issue: - Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158) mdadm-4.1-150300.24.15.1.src.rpm mdadm-4.1-150300.24.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3135 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) hwdata-0.360-150000.3.48.1.noarch.rpm hwdata-0.360-150000.3.48.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3127 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) libtirpc-1.2.6-150300.3.11.1.src.rpm libtirpc-devel-1.2.6-150300.3.11.1.x86_64.rpm libtirpc-netconfig-1.2.6-150300.3.11.1.x86_64.rpm libtirpc3-1.2.6-150300.3.11.1.x86_64.rpm libtirpc3-32bit-1.2.6-150300.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2306 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. (bsc#1199166) - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify (bsc#1199167). - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). - CVE-2022-1434: Fixed incorrect MAC key used in the RC4-MD5 ciphersuite (bsc#1199168). - CVE-2022-1473: Fixed resource leakage when decoding certificates and keys (bsc#1199169). libopenssl-3-devel-3.0.1-150400.4.7.1.x86_64.rpm libopenssl3-3.0.1-150400.4.7.1.x86_64.rpm openssl-3-3.0.1-150400.4.7.1.src.rpm openssl-3-3.0.1-150400.4.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2304 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566) python3-salt-3004-150400.8.8.1.x86_64.rpm True salt-3004-150400.8.8.1.src.rpm True salt-3004-150400.8.8.1.x86_64.rpm True salt-bash-completion-3004-150400.8.8.1.noarch.rpm True salt-doc-3004-150400.8.8.1.x86_64.rpm True salt-minion-3004-150400.8.8.1.x86_64.rpm True salt-zsh-completion-3004-150400.8.8.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2402 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). python-PyJWT-1.7.1-150200.3.3.1.src.rpm python3-PyJWT-1.7.1-150200.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2866 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter "user", the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) systemd-presets-common-SUSE-15-150100.8.17.1.noarch.rpm systemd-presets-common-SUSE-15-150100.8.17.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2355 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. python-cryptography-3.3.2-150400.16.3.1.src.rpm python3-cryptography-3.3.2-150400.16.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2658 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for keylime fixes the following issues: Update to version 6.3.2, including fixes for: - CVE-2022-1053: Fixed Tenant and Verifier might not use the same registrar data (bsc#1199253). - CVE-2022-31250: Fixed %post scriplet allows for privilege escalation from keylime user to root (bsc#1200885). keylime-6.3.2-150400.4.11.1.src.rpm keylime-agent-6.3.2-150400.4.11.1.noarch.rpm keylime-config-6.3.2-150400.4.11.1.noarch.rpm keylime-firewalld-6.3.2-150400.4.11.1.noarch.rpm keylime-logrotate-6.3.2-150400.4.11.1.noarch.rpm keylime-registrar-6.3.2-150400.4.11.1.noarch.rpm keylime-tpm_cert_store-6.3.2-150400.4.11.1.noarch.rpm keylime-verifier-6.3.2-150400.4.11.1.noarch.rpm python3-keylime-6.3.2-150400.4.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2361 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) libpcre1-8.45-150000.20.13.1.x86_64.rpm libpcre16-0-8.45-150000.20.13.1.x86_64.rpm libpcrecpp0-8.45-150000.20.13.1.x86_64.rpm libpcreposix0-8.45-150000.20.13.1.x86_64.rpm pcre-8.45-150000.20.13.1.src.rpm pcre-devel-8.45-150000.20.13.1.x86_64.rpm pcre-tools-8.45-150000.20.13.1.x86_64.rpm libpcre1-32bit-8.45-150000.20.13.1.x86_64.rpm libpcrecpp0-32bit-8.45-150000.20.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2360 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) libpcre2-16-0-10.39-150400.4.3.1.x86_64.rpm libpcre2-32-0-10.39-150400.4.3.1.x86_64.rpm libpcre2-8-0-10.39-150400.4.3.1.x86_64.rpm libpcre2-posix2-10.39-150400.4.3.1.x86_64.rpm pcre2-10.39-150400.4.3.1.src.rpm pcre2-devel-10.39-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2406 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). glibc-2.31-150300.31.2.src.rpm glibc-2.31-150300.31.2.x86_64.rpm glibc-devel-2.31-150300.31.2.x86_64.rpm glibc-extra-2.31-150300.31.2.x86_64.rpm glibc-i18ndata-2.31-150300.31.2.noarch.rpm glibc-info-2.31-150300.31.2.noarch.rpm glibc-lang-2.31-150300.31.2.noarch.rpm glibc-locale-2.31-150300.31.2.x86_64.rpm glibc-locale-base-2.31-150300.31.2.x86_64.rpm glibc-locale-base-32bit-2.31-150300.31.2.x86_64.rpm glibc-profile-2.31-150300.31.2.x86_64.rpm libcrypt1-4.4.15-150300.4.4.3.x86_64.rpm libxcrypt-4.4.15-150300.4.4.3.src.rpm libxcrypt-devel-4.4.15-150300.4.4.3.x86_64.rpm nscd-2.31-150300.31.2.x86_64.rpm glibc-32bit-2.31-150300.31.2.x86_64.rpm libcrypt1-32bit-4.4.15-150300.4.4.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2469 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition libsystemd0-249.11-150400.8.5.1.x86_64.rpm True libsystemd0-32bit-249.11-150400.8.5.1.x86_64.rpm True libudev1-249.11-150400.8.5.1.x86_64.rpm True libudev1-32bit-249.11-150400.8.5.1.x86_64.rpm True systemd-249.11-150400.8.5.1.src.rpm True systemd-249.11-150400.8.5.1.x86_64.rpm True systemd-container-249.11-150400.8.5.1.x86_64.rpm True systemd-coredump-249.11-150400.8.5.1.x86_64.rpm True systemd-devel-249.11-150400.8.5.1.x86_64.rpm True systemd-doc-249.11-150400.8.5.1.x86_64.rpm True systemd-lang-249.11-150400.8.5.1.noarch.rpm True systemd-sysvinit-249.11-150400.8.5.1.x86_64.rpm True udev-249.11-150400.8.5.1.x86_64.rpm True systemd-32bit-249.11-150400.8.5.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2668 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of ldns fixes the following issue: - ldns is shipped to the unsupported packagehub module as dependency of unbound. (bsc#1200843) ldns-1.7.0-150000.4.8.1.src.rpm ldns-devel-1.7.0-150000.4.8.1.x86_64.rpm libldns2-1.7.0-150000.4.8.1.x86_64.rpm libunbound2-1.6.8-150100.10.8.1.x86_64.rpm unbound-1.6.8-150100.10.8.1.src.rpm unbound-anchor-1.6.8-150100.10.8.1.x86_64.rpm unbound-devel-1.6.8-150100.10.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2919 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation [bsc#1190698] - FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698] - FIPS: Provides interface for running library self tests on-demand [bsc#1198979] gnutls-3.7.3-150400.4.10.1.src.rpm gnutls-3.7.3-150400.4.10.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.10.1.x86_64.rpm libgnutls30-3.7.3-150400.4.10.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.10.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.10.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.10.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.10.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2646 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). python-numpy-1.17.3-150400.23.3.1.src.rpm python3-numpy-1.17.3-150400.23.3.1.x86_64.rpm python3-numpy-devel-1.17.3-150400.23.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2426 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsyslog fixes the following issues: - Remove inotify watch descriptor in imfile on inode change detected (bsc#1198939) rsyslog-8.2106.0-150400.5.3.1.src.rpm rsyslog-8.2106.0-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2473 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for firewalld fixes the following issues: - Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) firewalld-0.9.3-150400.8.6.1.noarch.rpm firewalld-0.9.3-150400.8.6.1.src.rpm firewalld-lang-0.9.3-150400.8.6.1.noarch.rpm python3-firewall-0.9.3-150400.8.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2370 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). - Fix Xserver crash on keyboard remapping (bsc#1200076) xorg-x11-server-1.20.3-150400.38.5.1.src.rpm xorg-x11-server-1.20.3-150400.38.5.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2305 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) curl-7.79.1-150400.5.3.1.src.rpm curl-7.79.1-150400.5.3.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.3.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.3.1.x86_64.rpm libcurl4-7.79.1-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2928 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of bluez ships the missing bluez-deprecated package. (bsc#1201060) bluez-5.62-150400.4.2.1.src.rpm bluez-5.62-150400.4.2.1.x86_64.rpm bluez-deprecated-5.62-150400.4.2.1.x86_64.rpm libbluetooth3-5.62-150400.4.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3148 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for branding-SLE fixes the following issues: - Fix bootloader menu to display correct operating system information (bsc#997317, bsc#1199818) branding-SLE-15-150400.38.3.1.noarch.rpm branding-SLE-15-150400.38.3.1.src.rpm grub2-branding-SLE-15-150400.38.3.1.noarch.rpm plymouth-branding-SLE-15-150400.38.3.1.noarch.rpm wallpaper-branding-SLE-15-150400.38.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2593 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-IO-Socket-SSL fixes the following issues: - Follow system crypto-policies "PROFILE=SYSTEM" on OpenSSL ciphers (bsc#1200295) perl-IO-Socket-SSL-2.066-150400.7.3.1.noarch.rpm perl-IO-Socket-SSL-2.066-150400.7.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2647 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). libtiff-devel-4.0.9-150000.45.11.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.11.1.x86_64.rpm libtiff5-4.0.9-150000.45.11.1.x86_64.rpm tiff-4.0.9-150000.45.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3026 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for setools fixes the following issues: - require python3 in python3-setools, not python (bsc#1200649) python3-setools-4.3.0-150400.3.3.1.x86_64.rpm setools-4.3.0-150400.3.3.1.src.rpm setools-console-4.3.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2735 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) tar-1.34-150000.3.15.1.src.rpm tar-1.34-150000.3.15.1.x86_64.rpm tar-lang-1.34-150000.3.15.1.noarch.rpm tar-rmt-1.34-150000.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3133 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sg3_utils fixes the following issues: - Add timeout parameter to rescan-scsi-bus.sh (bsc#1199248) libsgutils-devel-1.47+5.d13bc56-150400.3.3.1.x86_64.rpm libsgutils2-1_47-2-1.47+5.d13bc56-150400.3.3.1.x86_64.rpm sg3_utils-1.47+5.d13bc56-150400.3.3.1.src.rpm sg3_utils-1.47+5.d13bc56-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2523 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-26710: Processing maliciously crafted web content may lead to arbitrary code execution. libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2.x86_64.rpm libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2.x86_64.rpm typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2.x86_64.rpm webkit2gtk3-soup2-2.36.4-150400.4.6.2.src.rpm webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2632 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) permissions-20201225-150400.5.8.1.src.rpm permissions-20201225-150400.5.8.1.x86_64.rpm permissions-zypp-plugin-20201225-150400.5.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2573 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for "cmdout/monitor" - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well libzypp-17.30.2-150400.3.3.1.src.rpm True libzypp-17.30.2-150400.3.3.1.x86_64.rpm True libzypp-devel-17.30.2-150400.3.3.1.x86_64.rpm True zypper-1.14.53-150400.3.3.1.src.rpm True zypper-1.14.53-150400.3.3.1.x86_64.rpm True zypper-log-1.14.53-150400.3.3.1.noarch.rpm True zypper-needs-restarting-1.14.53-150400.3.3.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2904 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) libldap-2_4-2-2.4.46-150200.14.11.2.x86_64.rpm libldap-data-2.4.46-150200.14.11.2.noarch.rpm openldap2-2.4.46-150200.14.11.2.src.rpm openldap2-client-2.4.46-150200.14.11.2.x86_64.rpm openldap2-devel-2.4.46-150200.14.11.2.x86_64.rpm openldap2-devel-static-2.4.46-150200.14.11.2.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150200.14.11.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3130 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libqt5-qtbase fixes the following issues: - Fix some HTTP/2 communication (bsc#1200715) - Mitigate issue with -D_FORTIFY_SOURCE=3 seen with GCC 12 libQt5Concurrent-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Concurrent5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Core-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Core5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5DBus-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5DBus5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Gui-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Gui5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Network-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Network5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5OpenGL-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5OpenGL5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5PrintSupport-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5PrintSupport5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Sql-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Sql5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Sql5-sqlite-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Test-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Test5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Widgets-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm libQt5Widgets5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Xml-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libQt5Xml5-5.15.2+kde294-150400.6.3.1.x86_64.rpm libqt5-qtbase-5.15.2+kde294-150400.6.3.1.src.rpm libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libqt5-qtbase-devel-5.15.2+kde294-150400.6.3.1.x86_64.rpm libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3011 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tigervnc fixes the following issues: - Fix VNC client not refreshing screen correctly due to an issue on TLS stream buffers (bsc#1199477) libXvnc1-1.10.1-150400.7.5.2.x86_64.rpm tigervnc-1.10.1-150400.7.5.2.src.rpm tigervnc-1.10.1-150400.7.5.2.x86_64.rpm xorg-x11-Xvnc-1.10.1-150400.7.5.2.x86_64.rpm xorg-x11-Xvnc-module-1.10.1-150400.7.5.2.x86_64.rpm xorg-x11-Xvnc-novnc-1.10.1-150400.7.5.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2659 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb-2.4.3-150400.4.8.1.src.rpm ldb-tools-2.4.3-150400.4.8.1.x86_64.rpm libldb-devel-2.4.3-150400.4.8.1.x86_64.rpm libldb2-2.4.3-150400.4.8.1.x86_64.rpm libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm python3-ldb-2.4.3-150400.4.8.1.x86_64.rpm python3-ldb-devel-2.4.3-150400.4.8.1.x86_64.rpm samba-4.15.8+git.500.d5910280cc7-150400.3.11.1.src.rpm samba-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-ceph-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-client-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-gpupdate-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-libs-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-winbind-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-winbind-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm libldb2-32bit-2.4.3-150400.4.8.1.x86_64.rpm samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm samba-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2550 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). git-2.35.3-150300.10.15.1.src.rpm git-core-2.35.3-150300.10.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2874 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). perl-HTTP-Daemon-6.01-150000.3.5.1.noarch.rpm perl-HTTP-Daemon-6.01-150000.3.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2532 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). python-M2Crypto-0.38.0-150400.3.3.1.src.rpm python3-M2Crypto-0.38.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2818 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export ceph-16.2.9.536+g41a9f9a5573-150400.3.3.1.src.rpm ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm libcephfs-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm libcephfs2-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librados-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm libradospp-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librbd-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librbd1-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librgw-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm librgw2-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-cephfs-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-rados-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-rbd-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm python3-rgw-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm rados-objclass-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm rbd-nbd-16.2.9.536+g41a9f9a5573-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2717 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). libncurses6-6.1-150000.5.12.1.x86_64.rpm ncurses-6.1-150000.5.12.1.src.rpm ncurses-devel-6.1-150000.5.12.1.x86_64.rpm ncurses-utils-6.1-150000.5.12.1.x86_64.rpm tack-6.1-150000.5.12.1.x86_64.rpm terminfo-6.1-150000.5.12.1.x86_64.rpm terminfo-base-6.1-150000.5.12.1.x86_64.rpm terminfo-iterm-6.1-150000.5.12.1.x86_64.rpm terminfo-screen-6.1-150000.5.12.1.x86_64.rpm libncurses6-32bit-6.1-150000.5.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3015 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-registration fixes the following issue: - Do not crash when cloning an unregistered system with additional repositories. (bsc#1200035) yast2-registration-4.4.22-150400.3.3.1.noarch.rpm yast2-registration-4.4.22-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2493 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) rpm-config-SUSE-1-150400.14.3.1.noarch.rpm rpm-config-SUSE-1-150400.14.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3022 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-pyOpenSSL fixes the following issues: - Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. python-pyOpenSSL-21.0.0-150400.3.3.1.src.rpm python3-pyOpenSSL-21.0.0-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3215 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] python-rpm-4.14.3-150300.49.1.src.rpm python3-rpm-4.14.3-150300.49.1.x86_64.rpm rpm-32bit-4.14.3-150300.49.1.x86_64.rpm rpm-4.14.3-150300.49.1.src.rpm rpm-4.14.3-150300.49.1.x86_64.rpm rpm-devel-4.14.3-150300.49.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3021 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-dmidecode fixes the following issues: - Fixed memory map size for "Type Detail" (bsc#1194351) - Use update-alternatives mechanism instead of shared subpackage. - Realign the spec file for python singlespec python-dmidecode-3.12.2-150400.14.3.1.src.rpm python3-dmidecode-3.12.2-150400.14.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2677 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) hwinfo-21.82-150400.3.3.1.src.rpm hwinfo-21.82-150400.3.3.1.x86_64.rpm hwinfo-devel-21.82-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2494 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) glibc-2.31-150300.37.1.src.rpm glibc-2.31-150300.37.1.x86_64.rpm glibc-devel-2.31-150300.37.1.x86_64.rpm glibc-extra-2.31-150300.37.1.x86_64.rpm glibc-i18ndata-2.31-150300.37.1.noarch.rpm glibc-info-2.31-150300.37.1.noarch.rpm glibc-lang-2.31-150300.37.1.noarch.rpm glibc-locale-2.31-150300.37.1.x86_64.rpm glibc-locale-base-2.31-150300.37.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.37.1.x86_64.rpm glibc-profile-2.31-150300.37.1.x86_64.rpm nscd-2.31-150300.37.1.x86_64.rpm glibc-32bit-2.31-150300.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3299 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Yast2 fixes the following issues: autoyast2: - Revert the modification done in version 4.3.97 running the initscripts before systed-user-sessions service again once systemd fixed logind (bsc#1195059, bsc#1200780) - Run the registration step early only on the Online installation medium which does not provide any packages. On the other media run the registration step later.Fixes crash in the SLE Micro when the AutoYaST profile enables the registration step. (bsc#1200803) yast2: - Added a parameter to `NetworkService.EnableDisableNow` method in order to ensure that the selected network service is enabled even when the selection has not been modified (bsc#1202479) - Do not ask for user input while checking file conflicts if the delayed progress popup is not shown (bsc#1201924, bsc#1202892) - Avoid build failures when packager is not available (bsc#1196674) - Show what product is being installed (bsc#1196674) - Show file conflict checking progress in delayed popup (bsc#1195608) yast2-auth-client: - Fix internal error caused by a deprecated function that was still being called (bsc#1202919) - Remove deprecated nss_ldap and pam_ldap support in favour of SSSD (bsc#1201747) - Allow to define the dnsHostName attribute when connecting to an Active Directory (bsc#1200964) yast2-fcoe-client: - Use yast2-network to write the sysconfig files, to be aware of the new connections added during the installation (bsc#1199554) yast2-firstboot: - Do not skip client for root password automatically if the user password has not been set yet (bsc#1202228) yast2-installation: - Do not use "xrdb" for setting the "Xft.dpi" value, use a specific YaST tool from the yast2-x11 package (bsc#1201532) - Install yast2-x11 only when GUI (libyui-qt) is installed, avoid installing the dependent X libraries in minimal (text mode) installation (bsc#1201966) - AutoYaST SecondStage: Revert changes introduced in 4.3.46 running the initscript service before systemd-user-sessions again once systemd patched logind (bsc#1195059, bsc#1200780) - Do not restart services when updating the package (bsc#1199480, bsc#1200274) - AutoYaST Second Stage: Added a missing dependency to the service to prevent getty-autogeneration listen on 5901 port (bsc#1199746) yast2-network: - Added a class to generate the configuration needed for a FCoE device being aware of it during the installation (bsc#1199554) - AY: Added missing route extrapara element to the networking section (bsc#1201129) - CFA NM: replace problematic characters when getting the filename for the given wireless configuration (bsc#1199451) - Allow more than 6 domains in resolver search list (bsc#1200155) yast2-nfs-client: - Fix localization of NFS Version widget values (bsc#1198076) yast2-online-update-configuration: - Reduce nesting in the "category_filter" section of the AutoYaST profile. The old (nested) format is still accepted (bsc#1198848) yast2-packager: - Fix package counters in the installation slideshow (bsc#1199621) yast2-schema-default: - Add 'extrapara' to routes in the networking section (bsc#1201129) - Support for flatten and nested "category_filter" element in the "online_update_configuration" section (bsc#1198848) yast2-schema-micro: - Add 'extrapara' to routes in the networking section (bsc#1201129) - Support for flatten and nested "category_filter" element in the "online_update_configuration" section (bsc#1198848) yast2-security: - Do not crash when reading active LSM modules returns nil (jsc#SLE-22069) yast2-update: - Use the "norecovery" mount option when searching the root partitions (bsc#1195894) yast2-users: - Fix writing ssh keys for user without specified home (bsc#1201185) yast2-x11: - Added "xftdpi" tool to not depend on xrdb (which requires the C pre-processor), this decreases the installed size (bsc#1201966, bsc#1201532) autoyast2-4.4.39-150400.3.8.1.noarch.rpm autoyast2-4.4.39-150400.3.8.1.src.rpm autoyast2-installation-4.4.39-150400.3.8.1.noarch.rpm yast2-4.4.52-150400.3.8.1.src.rpm yast2-4.4.52-150400.3.8.1.x86_64.rpm yast2-auth-client-4.4.4-150400.3.7.1.noarch.rpm yast2-auth-client-4.4.4-150400.3.7.1.src.rpm yast2-fcoe-client-4.4.3-150400.3.3.1.noarch.rpm yast2-fcoe-client-4.4.3-150400.3.3.1.src.rpm yast2-firstboot-4.4.9-150400.3.3.1.noarch.rpm yast2-firstboot-4.4.9-150400.3.3.1.src.rpm yast2-firstboot-wsl-4.4.9-150400.3.3.1.noarch.rpm yast2-installation-4.4.56-150400.3.9.1.noarch.rpm yast2-installation-4.4.56-150400.3.9.1.src.rpm yast2-logs-4.4.52-150400.3.8.1.x86_64.rpm yast2-network-4.4.49-150400.3.6.1.noarch.rpm yast2-network-4.4.49-150400.3.6.1.src.rpm yast2-nfs-client-4.4.5-150400.3.4.1.noarch.rpm yast2-nfs-client-4.4.5-150400.3.4.1.src.rpm yast2-online-update-configuration-4.4.1-150400.3.10.1.noarch.rpm yast2-online-update-configuration-4.4.1-150400.3.10.1.src.rpm yast2-packager-4.4.32-150400.3.4.1.src.rpm yast2-packager-4.4.32-150400.3.4.1.x86_64.rpm yast2-schema-default-4.4.14-150400.3.6.2.src.rpm yast2-schema-default-4.4.14-150400.3.6.2.x86_64.rpm yast2-security-4.4.14-150400.3.3.1.noarch.rpm yast2-security-4.4.14-150400.3.3.1.src.rpm yast2-update-4.4.7-150400.3.3.1.src.rpm yast2-update-4.4.7-150400.3.3.1.x86_64.rpm yast2-users-4.4.11-150400.3.3.1.src.rpm yast2-users-4.4.11-150400.3.3.1.x86_64.rpm yast2-x11-4.4.2-150400.3.3.1.src.rpm yast2-x11-4.4.2-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2597 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). xen-4.16.1_06-150400.4.8.1.src.rpm True xen-libs-4.16.1_06-150400.4.8.1.x86_64.rpm True xen-tools-domU-4.16.1_06-150400.4.8.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2566 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). libpcre2-16-0-10.39-150400.4.6.1.x86_64.rpm libpcre2-32-0-10.39-150400.4.6.1.x86_64.rpm libpcre2-8-0-10.39-150400.4.6.1.x86_64.rpm libpcre2-posix2-10.39-150400.4.6.1.x86_64.rpm pcre2-10.39-150400.4.6.1.src.rpm pcre2-devel-10.39-150400.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2681 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). libwavpack1-5.4.0-150000.4.15.1.x86_64.rpm wavpack-5.4.0-150000.4.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2660 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) - CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685) java-17-openjdk-17.0.4.0-150400.3.3.1.src.rpm java-17-openjdk-17.0.4.0-150400.3.3.1.x86_64.rpm java-17-openjdk-demo-17.0.4.0-150400.3.3.1.x86_64.rpm java-17-openjdk-devel-17.0.4.0-150400.3.3.1.x86_64.rpm java-17-openjdk-headless-17.0.4.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2707 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) java-11-openjdk-11.0.16.0-150000.3.83.1.src.rpm java-11-openjdk-11.0.16.0-150000.3.83.1.x86_64.rpm java-11-openjdk-demo-11.0.16.0-150000.3.83.1.x86_64.rpm java-11-openjdk-devel-11.0.16.0-150000.3.83.1.x86_64.rpm java-11-openjdk-headless-11.0.16.0-150000.3.83.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2616 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - Fix the build for RHEL 7 and clones (python-setuptools is used) scap-security-guide-0.1.62-150000.1.42.1.noarch.rpm scap-security-guide-0.1.62-150000.1.42.1.src.rpm scap-security-guide-debian-0.1.62-150000.1.42.1.noarch.rpm scap-security-guide-redhat-0.1.62-150000.1.42.1.noarch.rpm scap-security-guide-ubuntu-0.1.62-150000.1.42.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2640 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). libyaml-cpp0_6-0.6.3-150400.4.3.1.x86_64.rpm yaml-cpp-0.6.3-150400.4.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2548 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-cssselect implements packages to the unrestrictied repository. python-cssselect-1.0.3-150000.3.3.1.src.rpm python3-cssselect-1.0.3-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2989 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) libpq5-14.5-150200.5.17.1.x86_64.rpm postgresql14-14.5-150200.5.17.1.src.rpm postgresql14-14.5-150200.5.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2661 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). u-boot-2021.10-150400.4.8.1.src.rpm u-boot-tools-2021.10-150400.4.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2664 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). harfbuzz-3.4.0-150400.3.3.1.src.rpm harfbuzz-devel-3.4.0-150400.3.3.1.x86_64.rpm libharfbuzz-gobject0-3.4.0-150400.3.3.1.x86_64.rpm libharfbuzz-icu0-3.4.0-150400.3.3.1.x86_64.rpm libharfbuzz-subset0-3.4.0-150400.3.3.1.x86_64.rpm libharfbuzz0-3.4.0-150400.3.3.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.3.1.x86_64.rpm libharfbuzz0-32bit-3.4.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3145 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-LWP-Protocol-https fixes the following issues: - Explicitly add hostname for SNI to start_SSL (bsc#1199718) perl-LWP-Protocol-https-6.06-150000.3.3.1.noarch.rpm perl-LWP-Protocol-https-6.06-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2901 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for elfutils fixes the following issues: - Fix runtime dependency for devel package debuginfod-client-0.185-150400.5.3.1.x86_64.rpm elfutils-0.185-150400.5.3.1.src.rpm elfutils-0.185-150400.5.3.1.x86_64.rpm elfutils-debuginfod-0.185-150400.5.3.1.src.rpm elfutils-debuginfod-0.185-150400.5.3.1.x86_64.rpm elfutils-lang-0.185-150400.5.3.1.noarch.rpm libasm-devel-0.185-150400.5.3.1.x86_64.rpm libasm1-0.185-150400.5.3.1.x86_64.rpm libdebuginfod1-0.185-150400.5.3.1.x86_64.rpm libdw-devel-0.185-150400.5.3.1.x86_64.rpm libdw1-0.185-150400.5.3.1.x86_64.rpm libdw1-32bit-0.185-150400.5.3.1.x86_64.rpm libelf-devel-0.185-150400.5.3.1.x86_64.rpm libelf1-0.185-150400.5.3.1.x86_64.rpm libelf1-32bit-0.185-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2903 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Mesa fixes the following issues: - Change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (bsc#1200965, bsc#1197045, bsc#1197046) Mesa-21.2.4-150400.68.3.1.src.rpm Mesa-21.2.4-150400.68.3.1.x86_64.rpm Mesa-KHR-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-dri-21.2.4-150400.68.3.1.x86_64.rpm Mesa-dri-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-drivers-21.2.4-150400.68.3.1.src.rpm Mesa-gallium-21.2.4-150400.68.3.1.x86_64.rpm Mesa-gallium-32bit-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libEGL-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libEGL1-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGL-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGL1-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGLESv1_CM-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGLESv2-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGLESv3-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libVulkan-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libd3d-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libd3d-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libglapi-devel-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libglapi0-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libglapi0-32bit-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libva-21.2.4-150400.68.3.1.x86_64.rpm Mesa-vulkan-device-select-21.2.4-150400.68.3.1.x86_64.rpm Mesa-vulkan-overlay-21.2.4-150400.68.3.1.x86_64.rpm libOSMesa-devel-21.2.4-150400.68.3.1.x86_64.rpm libOSMesa8-21.2.4-150400.68.3.1.x86_64.rpm libgbm-devel-21.2.4-150400.68.3.1.x86_64.rpm libgbm1-21.2.4-150400.68.3.1.x86_64.rpm libgbm1-32bit-21.2.4-150400.68.3.1.x86_64.rpm libvdpau_r300-21.2.4-150400.68.3.1.x86_64.rpm libvdpau_r600-21.2.4-150400.68.3.1.x86_64.rpm libvdpau_radeonsi-21.2.4-150400.68.3.1.x86_64.rpm libvulkan_intel-21.2.4-150400.68.3.1.x86_64.rpm libvulkan_lvp-21.2.4-150400.68.3.1.x86_64.rpm libvulkan_radeon-21.2.4-150400.68.3.1.x86_64.rpm libxatracker-devel-1.0.0-150400.68.3.1.x86_64.rpm libxatracker2-1.0.0-150400.68.3.1.x86_64.rpm Mesa-32bit-21.2.4-150400.68.3.1.x86_64.rpm Mesa-dri-32bit-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libEGL1-32bit-21.2.4-150400.68.3.1.x86_64.rpm Mesa-libGL1-32bit-21.2.4-150400.68.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3682 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Bugfixes: - Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247) bind-9.16.6-150300.22.21.2.src.rpm libbind9-1600-9.16.6-150300.22.21.2.x86_64.rpm libdns1605-9.16.6-150300.22.21.2.x86_64.rpm libirs1601-9.16.6-150300.22.21.2.x86_64.rpm libisc1606-9.16.6-150300.22.21.2.x86_64.rpm libisccc1600-9.16.6-150300.22.21.2.x86_64.rpm libisccfg1600-9.16.6-150300.22.21.2.x86_64.rpm libns1604-9.16.6-150300.22.21.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3128 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gtk3 and gtk3-branding fixes the following issues: gtk3: - Ensure python3-gobject-Gdk is isntalled as dependency (bsc#1200614) - Include legacy hicolor icons (bsc#1197480) - Fix axis name handling in GtkFontChooser - Fix border color for tiled windows. - Fix cell accessible leak in Accessibility - Fix the build with gcc 12 - Wayland: Fix problem with textview scrolling - Wayland: Support new high-contrast setting - Wayland: Avoid unnecessary display scale changes gtk3-branding: - Resolve installation issues gtk3-3.24.34-150400.3.3.1.src.rpm gtk3-branding-SLE-15.0-150400.16.2.1.noarch.rpm gtk3-branding-SLE-15.0-150400.16.2.1.src.rpm gtk3-data-3.24.34-150400.3.3.1.noarch.rpm gtk3-devel-3.24.34-150400.3.3.1.x86_64.rpm gtk3-lang-3.24.34-150400.3.3.1.noarch.rpm gtk3-schema-3.24.34-150400.3.3.1.noarch.rpm gtk3-tools-3.24.34-150400.3.3.1.x86_64.rpm libgtk-3-0-3.24.34-150400.3.3.1.x86_64.rpm typelib-1_0-Gtk-3_0-3.24.34-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3102 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gtk4 fixes the following issues: - Ensure python3-gobject-Gdk is isntalled as dependency (bsc#1200614) gettext-its-gtk4-4.6.0-150400.3.3.1.x86_64.rpm gtk4-4.6.0-150400.3.3.1.src.rpm gtk4-schema-4.6.0-150400.3.3.1.noarch.rpm libgtk-4-1-4.6.0-150400.3.3.1.x86_64.rpm typelib-1_0-Gtk-4_0-4.6.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2944 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for procps fixes the following issues: - Fix 'free' command reporting misleading "used" value (bsc#1181475) libprocps7-3.3.15-150000.7.25.1.x86_64.rpm procps-3.3.15-150000.7.25.1.src.rpm procps-3.3.15-150000.7.25.1.x86_64.rpm procps-devel-3.3.15-150000.7.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2977 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) libblkid-devel-2.37.2-150400.8.3.1.x86_64.rpm libblkid-devel-static-2.37.2-150400.8.3.1.x86_64.rpm libblkid1-2.37.2-150400.8.3.1.x86_64.rpm libfdisk-devel-2.37.2-150400.8.3.1.x86_64.rpm libfdisk1-2.37.2-150400.8.3.1.x86_64.rpm libmount-devel-2.37.2-150400.8.3.1.x86_64.rpm libmount1-2.37.2-150400.8.3.1.x86_64.rpm libsmartcols-devel-2.37.2-150400.8.3.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.3.1.x86_64.rpm libuuid-devel-2.37.2-150400.8.3.1.x86_64.rpm libuuid-devel-static-2.37.2-150400.8.3.1.x86_64.rpm libuuid1-2.37.2-150400.8.3.1.x86_64.rpm util-linux-2.37.2-150400.8.3.1.src.rpm util-linux-2.37.2-150400.8.3.1.x86_64.rpm util-linux-lang-2.37.2-150400.8.3.1.noarch.rpm util-linux-systemd-2.37.2-150400.8.3.1.src.rpm util-linux-systemd-2.37.2-150400.8.3.1.x86_64.rpm libblkid1-32bit-2.37.2-150400.8.3.1.x86_64.rpm libmount1-32bit-2.37.2-150400.8.3.1.x86_64.rpm libuuid1-32bit-2.37.2-150400.8.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2995 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gdk-pixbuf fixes the following issues: Update to version 2.42.8, including the following: - CVE-2021-46829: Fixed a heap-based buffer overflow when compositing or clearing frames in GIF files (bsc#1201826). gdk-pixbuf-2.42.8-150400.5.3.1.src.rpm gdk-pixbuf-devel-2.42.8-150400.5.3.1.x86_64.rpm gdk-pixbuf-lang-2.42.8-150400.5.3.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.8-150400.5.3.1.x86_64.rpm gdk-pixbuf-query-loaders-32bit-2.42.8-150400.5.3.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.8-150400.5.3.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.8-150400.5.3.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.8-150400.5.3.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.8-150400.5.3.1.x86_64.rpm libgdk_pixbuf-2_0-0-32bit-2.42.8-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3032 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtcnative-1-0 fixes the following issues: - Avoid crash reading session ID after handshake failure. (bsc#1199170) libtcnative-1-0-1.2.23-150100.3.6.1.src.rpm libtcnative-1-0-1.2.23-150100.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2826 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1.x86_64.rpm libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1.x86_64.rpm webkit2gtk3-soup2-2.36.5-150400.4.9.1.src.rpm webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3009 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsyslog fixes the following issues: -Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283) rsyslog-8.2106.0-150400.5.6.1.src.rpm rsyslog-8.2106.0-150400.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3219 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sysconfig fixes the following issues: - netconfig: remove sed dependency - netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093) - netconfig: cleanup /var/run leftovers (bsc#1194557) - netconfig: update ntp man page documentation, fix typos - netconfig: revert NM default policy change change (bsc#1185882) With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead only from NetworkManager, where plugins/services have to deliver their settings to apply them. - Also support service(network) provides sysconfig-0.85.9-150200.12.1.src.rpm sysconfig-0.85.9-150200.12.1.x86_64.rpm sysconfig-netconfig-0.85.9-150200.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3220 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes libzypp-17.31.0-150400.3.6.1.src.rpm True libzypp-17.31.0-150400.3.6.1.x86_64.rpm True libzypp-devel-17.31.0-150400.3.6.1.x86_64.rpm True zypper-1.14.55-150400.3.6.1.src.rpm True zypper-1.14.55-150400.3.6.1.x86_64.rpm True zypper-log-1.14.55-150400.3.6.1.noarch.rpm True zypper-needs-restarting-1.14.55-150400.3.6.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2803 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). kernel-default-5.14.21-150400.24.18.1.nosrc.rpm True kernel-default-5.14.21-150400.24.18.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4.src.rpm True kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.18.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.18.1.noarch.rpm True kernel-macros-5.14.21-150400.24.18.1.noarch.rpm True kernel-source-5.14.21-150400.24.18.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3302 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for python310-pip and python-rpm-macros provides: python310-pip: Upgrade from version 20.2.4 to version 22.0.4 (jsc#SLE-24539) - Adjust SPEC file to generate python310 module only - Avoid cycle: BuildRequire ca-certificates only in tests - This version is not compatible with Python 3.6 and thus not suitable for SUSE Linux Enterprise 15. - Drop the doctype check, that presented a warning for index pages that use non-compliant HTML 5. - Print the exception via rich.traceback, when running with `--debug`. - Only calculate topological installation order, for packages that are going to be installed/upgraded. * This error occurred when determining the installation order for a very specific combination of upgrading of already installed packages, change of dependencies and fetching some packages from a package index. This combination was especially common in Read the Docs' builds. - Use html.parser by default, instead of falling back to html5lib when --use-deprecated=html5lib is not passed. - Clarify that using per-requirement overrides disables the usage of wheels. - Instead of failing on index pages that use non-compliant HTML 5, print a deprecation warning and fall back to html5lib-based parsing for now. This simplifies the migration for non-compliant index pages, by letting such indexes function with a warning. - Accept lowercase <!doctype html> on index pages. - Properly handle links parsed by html5lib, when using --use-deprecated=html5lib. - Changed PackageFinder to parse HTML documents using the stdlib :class:`html.parser.HTMLParser` class instead of the html5lib package. - For now, the deprecated html5lib code remains and can be used with the --use-deprecated=html5lib command line option. However, it will be removed in a future pip release. - Completely replace :pypi:`tox` in our development workflow, with :pypi:`nox`. - Deprecate alternative progress bar styles, leaving only on and off as available choices. - Drop support for Python 3.6. - Disable location mismatch warnings on Python versions prior to 3.10. * These warnings were helping identify potential issues as part of the sysconfig -> distutils transition, and we no longer need to rely on reports from older Python versions for information on the transition. - Utilize rich for presenting pip's default download progress bar. - Present a better error message when an invalid wheel file is encountered, providing more context where the invalid wheel file is. - Documents the --require-virtualenv flag for pip install. - pip install <tab> autocompletes paths. - Allow Python distributors to opt-out from or opt-in to the sysconfig installation scheme backend by setting sysconfig._PIP_USE_SYSCONFIG to True or False. - Make it possible to deselect tests requiring cryptography package on systems where it cannot be installed. - Start using Rich for presenting error messages in a consistent format. - Improve presentation of errors from subprocesses. - Forward pip's verbosity configuration to VCS tools to control their output accordingly. - Optimize installation order calculation to improve performance when installing requirements that form a complex dependency graph with a large amount of edges. - When a package is requested by the user for upgrade, correctly identify that the extra-ed variant of that same package depended by another user-requested package is requesting the same package, and upgrade it accordingly. - Prevent pip from installing yanked releases unless explicitly pinned via the `==` or `===` operators. - Stop backtracking on build failures, by instead surfacing them to the user and aborting immediately. This behaviour provides more immediate feedback when a package cannot be built due to missing build dependencies or platform incompatibility. - Silence Value for <location> does not match warning caused by an erroneous patch in Slackware-distributed Python 3.9. - Fix an issue where pip did not consider dependencies with and without extras to be equal - Always refuse installing or building projects that have no ``pyproject.toml`` nor ``setup.py``. - Tweak running-as-root detection, to check ``os.getuid`` if it exists, on Unix-y and non-Linux/non-MacOS machines. - When installing projects with a ``pyproject.toml`` in editable mode, and the build backend does not support :pep:`660`, prepare metadata using ``prepare_metadata_for_build_wheel`` instead of ``setup.py egg_info``. Also, refuse installing projects that only have a ``setup.cfg`` and no ``setup.py`` nor ``pyproject.toml``. These restore the pre-21.3 behaviour. - Restore compatibility of where configuration files are loaded from on MacOS - Upgrade pep517 to 0.12.0 - Improve deprecation warning regarding the copying of source trees when installing from a local directory. - Suppress location mismatch warnings when pip is invoked from a Python source tree, so ``ensurepip`` does not emit warnings on CPython ``make install``. - On Python 3.10 or later, the installation scheme backend has been changed to use ``sysconfig``. This is to anticipate the deprecation of ``distutils`` in Python 3.10, and its scheduled removal in 3.12. For compatibility considerations, pip installations running on Python 3.9 or lower will continue to use ``distutils``. - Remove the ``--build-dir`` option and aliases, one last time. - In-tree builds are now the default. ``--use-feature=in-tree-build`` is now ignored. ``--use-deprecated=out-of-tree-build`` may be used temporarily to ease the transition. - Un-deprecate source distribution re-installation behaviour. - Replace vendored appdirs with platformdirs. - Support `PEP 610 <https://www.python.org/dev/peps/pep-0610/>`_ to detect editable installs in ``pip freeze`` and ``pip list``. The ``pip list`` column output has a new ``Editable project location`` column, and the JSON output has a new ``editable_project_location`` field. - ``pip freeze`` will now always fallback to reporting the editable project location when it encounters a VCS error while analyzing an editable requirement. Before, it sometimes reported the requirement as non-editable. - ``pip show`` now sorts ``Requires`` and ``Required-By`` alphabetically. - Do not raise error when there are no files to remove with ``pip cache purge/remove``. Instead log a warning and continue (to log that we removed 0 files). - When backtracking during dependency resolution, prefer the dependencies which are involved in the most recent conflict. This can significantly reduce the amount of backtracking required. - Cache requirement objects, to improve performance reducing reparses of requirement strings. - Support editable installs for projects that have a ``pyproject.toml`` and use a build backend that supports :pep:`660`. - When a revision is specified in a Git URL, use git's partial clone feature to speed up source retrieval. - Add a ``--debug`` flag, to enable a mode that doesn't log errors and propagates them to the top level instead. This is primarily to aid with debugging pip's crashes. - If a host is explicitly specified as trusted by the user (via the --trusted-host option), cache HTTP responses from it in addition to HTTPS ones. - Present a better error message, when a ``file:`` URL is not found. - Fix the auth credential cache to allow for the case in which the index url contains the username, but the password comes from an external source, such as keyring. - Fix double unescape of HTML ``data-requires-python`` and ``data-yanked`` attributes. - New resolver: Fixes depth ordering of packages during resolution, e.g. a dependency 2 levels deep will be ordered before a dependency 3 levels deep. python-rpm-macros: Update from version 20220106.80d3756 to version 20220809.cf8a7b8 (bsc#1201041) - Pass `--ignore-installed` to `pip install` in %pyproject_install - restore end-of-line in alternative scriptlets - make python_flavored_alternatives less verbose - Move install of libalts from sciptlets to python_clone -a - hard-code %py_ver - print proper error on missing python interpreter - Update compile-macros.sh - Create python_flavored_alternatives and use for testing - Switch primary_interpreter from python38 to python310 - Avoid bashism in %() - Fix flavor executable substitution - Keep python38 as primary python3 - Add python310 to the buildset - Move python39 to the primary place in %pythons - Disable python36 flavor in Factory buildset - Add python310 flavor macros to compile set python-rpm-generators-20220809.cf8a7b8-150400.3.3.1.noarch.rpm python-rpm-macros-20220809.cf8a7b8-150400.3.3.1.noarch.rpm python-rpm-macros-20220809.cf8a7b8-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2825 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840). rsync-3.2.3-150400.3.3.1.src.rpm rsync-3.2.3-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3209 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-iscsi fixes the following issues: - Set the systemd unit files as non executable. (bsc#1200570) - For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to vendor-specific `/usr/etc/logrotate.d` iscsiuio-0.7.8.6-150400.39.8.1.x86_64.rpm libopeniscsiusr0_2_0-2.1.7-150400.39.8.1.x86_64.rpm open-iscsi-2.1.7-150400.39.8.1.src.rpm open-iscsi-2.1.7-150400.39.8.1.x86_64.rpm open-iscsi-devel-2.1.7-150400.39.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3019 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20220628 * make version check optional - Update to version B.02.19.2+git.20220310: * Set product name for all netdevs sharing the same PCI number - Update to version B.02.19.2+git.20211222: * Add Spanish translation * Fix mistakes in Catalan translation - Update to version B.02.19.2+git.20211102: * Read and parse network transceiver module eeprom * use max (9) Gzip compression * Add Catalan translation * Update POT file * Add more network speeds - Update to version B.02.19.2+git.20211013: * support for new ethtool capabilities * code clean-up * allow pkg-config override * Translate all words of a phrase together lshw-B.02.19.2+git.20220628-150200.3.12.1.src.rpm lshw-B.02.19.2+git.20220628-150200.3.12.1.x86_64.rpm lshw-lang-B.02.19.2+git.20220628-150200.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2992 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: - Fix missing aliases (bsc#1200889) kernel-firmware-20220509-150400.4.8.1.src.rpm True kernel-firmware-all-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.8.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.8.1.noarch.rpm True ucode-amd-20220509-150400.4.8.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2691 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). python-M2Crypto-0.38.0-150400.3.6.1.src.rpm python3-M2Crypto-0.38.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2879 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.63 (jsc#ECO-3319): - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 SUSE specific issues fixed: - stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) scap-security-guide-0.1.63-150000.1.45.1.noarch.rpm scap-security-guide-0.1.63-150000.1.45.1.src.rpm scap-security-guide-debian-0.1.63-150000.1.45.1.noarch.rpm scap-security-guide-redhat-0.1.63-150000.1.45.1.noarch.rpm scap-security-guide-ubuntu-0.1.63-150000.1.45.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2869 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). u-boot-2021.10-150400.4.11.1.src.rpm u-boot-tools-2021.10-150400.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2796 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. jitterentropy-3.4.0-150000.1.3.1.src.rpm jitterentropy-devel-3.4.0-150000.1.3.1.x86_64.rpm jitterentropy-devel-32bit-3.4.0-150000.1.3.1.x86_64.rpm jitterentropy-devel-static-3.4.0-150000.1.3.1.x86_64.rpm libjitterentropy3-3.4.0-150000.1.3.1.x86_64.rpm libjitterentropy3-32bit-3.4.0-150000.1.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3179 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for golang-github-prometheus-node_exporter fixes the following issues: - Exclude s390 arch. - Update spec file in order to make --version work (bsc#1196652) golang-github-prometheus-node_exporter-1.3.0-150100.3.15.1.src.rpm golang-github-prometheus-node_exporter-1.3.0-150100.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3188 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This recommended update for salt fixes the following issues: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288) python3-salt-3004-150400.8.11.1.x86_64.rpm True salt-3004-150400.8.11.1.src.rpm True salt-3004-150400.8.11.1.x86_64.rpm True salt-bash-completion-3004-150400.8.11.1.noarch.rpm True salt-doc-3004-150400.8.11.1.x86_64.rpm True salt-minion-3004-150400.8.11.1.x86_64.rpm True salt-zsh-completion-3004-150400.8.11.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3166 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update fixes the following issues: salt: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288) supportutils-plugin-salt: - Update to version 1.2.1 * Remove ERROR messages on Salt client systems - Declare the LICENSE file as license and not doc supportutils-plugin-salt-1.2.1-150000.3.9.1.noarch.rpm True supportutils-plugin-salt-1.2.1-150000.3.9.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3256 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for installation-images fixes the following issues: - Leap Micro support (jsc#SMO-126) - rename the SLE Micro -release package (bsc#1199911) installation-images-SLES-16.57.24-150400.3.3.1.src.rpm tftpboot-installation-SLE-15-SP4-aarch64-16.57.24-150400.3.3.1.noarch.rpm tftpboot-installation-SLE-15-SP4-ppc64le-16.57.24-150400.3.3.1.noarch.rpm tftpboot-installation-SLE-15-SP4-s390x-16.57.24-150400.3.3.1.noarch.rpm tftpboot-installation-SLE-15-SP4-x86_64-16.57.24-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3711 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739) - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) - libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483) - multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (bsc#1201483) - multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570) - multipathd: avoid delays during uevent processing (bsc#1199347) - multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345) - Fix busy loop with delayed_reconfigure (bsc#1199342) - multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol. - Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout - Add disclaimer about vendor support - Change built-in defaults for NVMe: group by prio, and immediate failback - Fixes for minor issues reported by coverity - Fix for memory leak with uid_attrs - Updates for built in hardware db - Logging improvements - multipathd: use remove_map_callback for delayed reconfigure - Fix handling of path addition in read-only arrays on NVMe - Updates of built-in hardware database - libmultipath: only warn once about unsupported dev_loss_tmo kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1.src.rpm multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3025 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for plymouth fixes the following issues: - Avoid aborting on multiple font path match, pick the first one. (bsc#1183425) - When screen DPI greater then 160, display will scale output twice. (bsc#1183425, bsc#1184309) libply-boot-client5-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm libply-splash-core5-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm libply5-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-0.9.5~git20210406.e554475-150400.3.5.1.src.rpm plymouth-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-devel-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-dracut-0.9.5~git20210406.e554475-150400.3.5.1.noarch.rpm plymouth-lang-0.9.5~git20210406.e554475-150400.3.5.1.noarch.rpm plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.5.1.x86_64.rpm plymouth-scripts-0.9.5~git20210406.e554475-150400.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2973 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Include fixes to make network-manager module work properly with dracut (bsc#1201975) - Add auto timeout to wicked DHCP test (bsc#1198709) dracut-055+suse.294.gc5bc4bb5-150400.3.8.1.src.rpm dracut-055+suse.294.gc5bc4bb5-150400.3.8.1.x86_64.rpm dracut-fips-055+suse.294.gc5bc4bb5-150400.3.8.1.x86_64.rpm dracut-ima-055+suse.294.gc5bc4bb5-150400.3.8.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2877 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cosign fixes the following issues: - Updated to 1.10.1 (jsc#SLE-23879): - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being verified (bsc#1202157). cosign-1.10.1-150400.3.3.1.src.rpm cosign-1.10.1-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2925 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for audit-secondary fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) audit-3.0.6-150400.4.3.1.x86_64.rpm audit-audispd-plugins-3.0.6-150400.4.3.1.x86_64.rpm audit-secondary-3.0.6-150400.4.3.1.src.rpm python3-audit-3.0.6-150400.4.3.1.x86_64.rpm system-group-audit-3.0.6-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3118 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) device-mapper-1.02.163-150400.17.3.1.x86_64.rpm device-mapper-devel-1.02.163-150400.17.3.1.x86_64.rpm libdevmapper-event1_03-1.02.163-150400.17.3.1.x86_64.rpm libdevmapper1_03-1.02.163-150400.17.3.1.x86_64.rpm liblvm2cmd2_03-2.03.05-150400.175.1.x86_64.rpm lvm2-2.03.05-150400.175.1.src.rpm lvm2-2.03.05-150400.175.1.x86_64.rpm lvm2-devel-2.03.05-150400.175.1.x86_64.rpm lvm2-device-mapper-2.03.05-150400.17.3.1.src.rpm libdevmapper1_03-32bit-1.02.163-150400.17.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2945 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This recommended update for sssd fixes the following issues: - Fix sssd-common-32bit version conflict (bsc#1202326) libipa_hbac-devel-2.5.2-150400.4.8.1.x86_64.rpm libipa_hbac0-2.5.2-150400.4.8.1.x86_64.rpm libsss_certmap-devel-2.5.2-150400.4.8.1.x86_64.rpm libsss_certmap0-2.5.2-150400.4.8.1.x86_64.rpm libsss_idmap-devel-2.5.2-150400.4.8.1.x86_64.rpm libsss_idmap0-2.5.2-150400.4.8.1.x86_64.rpm libsss_nss_idmap-devel-2.5.2-150400.4.8.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150400.4.8.1.x86_64.rpm libsss_simpleifp-devel-2.5.2-150400.4.8.1.x86_64.rpm libsss_simpleifp0-2.5.2-150400.4.8.1.x86_64.rpm python3-sssd-config-2.5.2-150400.4.8.1.x86_64.rpm sssd-2.5.2-150400.4.8.1.src.rpm sssd-2.5.2-150400.4.8.1.x86_64.rpm sssd-ad-2.5.2-150400.4.8.1.x86_64.rpm sssd-common-2.5.2-150400.4.8.1.x86_64.rpm sssd-common-32bit-2.5.2-150400.4.8.1.x86_64.rpm sssd-dbus-2.5.2-150400.4.8.1.x86_64.rpm sssd-ipa-2.5.2-150400.4.8.1.x86_64.rpm sssd-kcm-2.5.2-150400.4.8.1.x86_64.rpm sssd-krb5-2.5.2-150400.4.8.1.x86_64.rpm sssd-krb5-common-2.5.2-150400.4.8.1.x86_64.rpm sssd-ldap-2.5.2-150400.4.8.1.x86_64.rpm sssd-proxy-2.5.2-150400.4.8.1.x86_64.rpm sssd-tools-2.5.2-150400.4.8.1.x86_64.rpm sssd-winbind-idmap-2.5.2-150400.4.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3161 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwinfo fixes the following issue: - improve treatment of NVME devices (bsc#1200975) hwinfo-21.83-150400.3.6.1.src.rpm hwinfo-21.83-150400.3.6.1.x86_64.rpm hwinfo-devel-21.83-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2947 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). libminizip1-1.2.11-150000.3.33.1.x86_64.rpm libz1-1.2.11-150000.3.33.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.33.1.x86_64.rpm minizip-devel-1.2.11-150000.3.33.1.x86_64.rpm zlib-1.2.11-150000.3.33.1.src.rpm zlib-devel-1.2.11-150000.3.33.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4152 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for novnc fixes the following issues: - For greater compatibility specify string binary as protocol (bsc#1201933) novnc-1.2.0-150100.3.6.1.noarch.rpm novnc-1.2.0-150100.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3241 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511) cups-2.2.7-150000.3.35.1.src.rpm cups-2.2.7-150000.3.35.1.x86_64.rpm cups-client-2.2.7-150000.3.35.1.x86_64.rpm cups-config-2.2.7-150000.3.35.1.x86_64.rpm cups-devel-2.2.7-150000.3.35.1.x86_64.rpm libcups2-2.2.7-150000.3.35.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.35.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.35.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.35.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.35.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2960 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ ucode-intel-20220809-150200.18.1.src.rpm True ucode-intel-20220809-150200.18.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3162 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405). libyajl-2.1.0-150000.4.3.1.src.rpm libyajl-devel-2.1.0-150000.4.3.1.x86_64.rpm libyajl2-2.1.0-150000.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2844 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) tar-1.34-150000.3.18.1.src.rpm tar-1.34-150000.3.18.1.x86_64.rpm tar-lang-1.34-150000.3.18.1.noarch.rpm tar-rmt-1.34-150000.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3525 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update cifs-utils-6.15-150400.3.9.1.src.rpm cifs-utils-6.15-150400.3.9.1.x86_64.rpm cifs-utils-devel-6.15-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2920 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory libsystemd0-249.12-150400.8.10.1.x86_64.rpm True libsystemd0-32bit-249.12-150400.8.10.1.x86_64.rpm True libudev1-249.12-150400.8.10.1.x86_64.rpm True libudev1-32bit-249.12-150400.8.10.1.x86_64.rpm True systemd-249.12-150400.8.10.1.src.rpm True systemd-249.12-150400.8.10.1.x86_64.rpm True systemd-container-249.12-150400.8.10.1.x86_64.rpm True systemd-coredump-249.12-150400.8.10.1.x86_64.rpm True systemd-devel-249.12-150400.8.10.1.x86_64.rpm True systemd-doc-249.12-150400.8.10.1.x86_64.rpm True systemd-lang-249.12-150400.8.10.1.noarch.rpm True systemd-sysvinit-249.12-150400.8.10.1.x86_64.rpm True udev-249.12-150400.8.10.1.x86_64.rpm True systemd-32bit-249.12-150400.8.10.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-2853 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) python-iniconfig-1.1.1-150000.1.5.1.src.rpm python3-iniconfig-1.1.1-150000.1.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2943 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) python-iniconfig-1.1.1-150000.1.7.1.src.rpm python3-iniconfig-1.1.1-150000.1.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3142 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). icu-65.1-150200.4.5.1.src.rpm libicu-devel-65.1-150200.4.5.1.x86_64.rpm libicu-suse65_1-65.1-150200.4.5.1.x86_64.rpm libicu65_1-ledata-65.1-150200.4.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2908 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). python-lxml-4.7.1-150200.3.10.1.src.rpm python3-lxml-4.7.1-150200.3.10.1.x86_64.rpm python3-lxml-devel-4.7.1-150200.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3093 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token (bsc#1181058). python-Flask-Security-Too-3.4.2-150200.3.3.1.src.rpm python3-Flask-Security-Too-3.4.2-150200.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3252 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 freetype2-2.10.4-150000.4.12.1.src.rpm freetype2-devel-2.10.4-150000.4.12.1.x86_64.rpm libfreetype6-2.10.4-150000.4.12.1.x86_64.rpm libfreetype6-32bit-2.10.4-150000.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3003 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). curl-7.79.1-150400.5.6.1.src.rpm curl-7.79.1-150400.5.6.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.6.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.6.1.x86_64.rpm libcurl4-7.79.1-150400.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3298 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-psutil fixes the following issues: - Adopt change of used memory calculation from upstream of procps (bsc#1181475) python-psutil-5.8.0-150300.3.3.2.src.rpm python3-psutil-5.8.0-150300.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2972 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for python-kubernetes provides: - Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443) * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes. * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth. - There are no visible changes for the final user. python-cachetools-4.1.0-150200.3.4.1.src.rpm python-google-auth-1.21.2-150300.3.6.1.src.rpm python3-cachetools-4.1.0-150200.3.4.1.noarch.rpm python3-google-auth-1.21.2-150300.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2939 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). libfreebl3-3.79.1-150400.3.10.2.x86_64.rpm libfreebl3-32bit-3.79.1-150400.3.10.2.x86_64.rpm libfreebl3-hmac-3.79.1-150400.3.10.2.x86_64.rpm libsoftokn3-3.79.1-150400.3.10.2.x86_64.rpm libsoftokn3-32bit-3.79.1-150400.3.10.2.x86_64.rpm libsoftokn3-hmac-3.79.1-150400.3.10.2.x86_64.rpm libsoftokn3-hmac-32bit-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-3.79.1-150400.3.10.2.src.rpm mozilla-nss-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-32bit-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-certs-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-devel-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-sysinit-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-tools-3.79.1-150400.3.10.2.x86_64.rpm libfreebl3-hmac-32bit-3.79.1-150400.3.10.2.x86_64.rpm mozilla-nss-certs-32bit-3.79.1-150400.3.10.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2936 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). libvmtools-devel-12.1.0-150300.19.1.x86_64.rpm libvmtools0-12.1.0-150300.19.1.x86_64.rpm open-vm-tools-12.1.0-150300.19.1.src.rpm open-vm-tools-12.1.0-150300.19.1.x86_64.rpm open-vm-tools-sdmp-12.1.0-150300.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2929 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) timezone-2022a-150000.75.10.1.src.rpm timezone-2022a-150000.75.10.1.x86_64.rpm timezone-java-2022a-150000.75.10.1.noarch.rpm timezone-java-2022a-150000.75.10.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3262 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) gcc11-11.3.0+git1637-150000.1.11.2.src.rpm libada11-11.3.0+git1637-150000.1.11.2.x86_64.rpm libada11-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libasan6-11.3.0+git1637-150000.1.11.2.x86_64.rpm libasan6-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libatomic1-11.3.0+git1637-150000.1.11.2.x86_64.rpm libatomic1-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgcc_s1-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgcc_s1-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgfortran5-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgfortran5-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgo19-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgo19-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgomp1-11.3.0+git1637-150000.1.11.2.x86_64.rpm libgomp1-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libitm1-11.3.0+git1637-150000.1.11.2.x86_64.rpm libitm1-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm liblsan0-11.3.0+git1637-150000.1.11.2.x86_64.rpm libobjc4-11.3.0+git1637-150000.1.11.2.x86_64.rpm libobjc4-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libquadmath0-11.3.0+git1637-150000.1.11.2.x86_64.rpm libquadmath0-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-locale-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-pp-gcc11-11.3.0+git1637-150000.1.11.2.x86_64.rpm libstdc++6-pp-gcc11-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm libtsan0-11.3.0+git1637-150000.1.11.2.x86_64.rpm libubsan1-11.3.0+git1637-150000.1.11.2.x86_64.rpm libubsan1-32bit-11.3.0+git1637-150000.1.11.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3327 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). libonig4-6.7.0-150000.3.3.1.x86_64.rpm oniguruma-6.7.0-150000.3.3.1.src.rpm oniguruma-devel-6.7.0-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3122 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for amavisd-milter fixes the following issues: - Provide the missing amavisd-milter in version 1.7.2. (bsc#1202232) * amavisd-milter was initially part of amavisd-new but it is now an independent source package. * The SMTP_AUTH* attributes are missing in policy_bank. * Added hardening to systemd service(s) with a modified amavisd-milter.service * An empty sender must always be enclosed in angle brackets. * Fork after initializing milter socket. * Use client_name if available instead of hostname passed to xxfi_connect. * Generate amamvisd-milter.8 from AMAVISD-MILTER.md. * Removed obsoleted file amavisd-milter.spec. amavisd-milter-1.7.2-150400.9.3.1.src.rpm amavisd-milter-1.7.2-150400.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-2967 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Mesa fixes the following issues: - Revert bsc#1200965 and make Xorg and Mesa able to load "i965" driver again. (bsc#1202850) Mesa-21.2.4-150400.68.6.1.src.rpm Mesa-21.2.4-150400.68.6.1.x86_64.rpm Mesa-KHR-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-dri-21.2.4-150400.68.6.1.x86_64.rpm Mesa-dri-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-drivers-21.2.4-150400.68.6.1.src.rpm Mesa-gallium-21.2.4-150400.68.6.1.x86_64.rpm Mesa-gallium-32bit-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libEGL-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libEGL1-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGL-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGL1-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGLESv1_CM-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGLESv2-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGLESv3-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libVulkan-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libd3d-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libd3d-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libglapi-devel-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libglapi0-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libglapi0-32bit-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libva-21.2.4-150400.68.6.1.x86_64.rpm Mesa-vulkan-device-select-21.2.4-150400.68.6.1.x86_64.rpm Mesa-vulkan-overlay-21.2.4-150400.68.6.1.x86_64.rpm libOSMesa-devel-21.2.4-150400.68.6.1.x86_64.rpm libOSMesa8-21.2.4-150400.68.6.1.x86_64.rpm libgbm-devel-21.2.4-150400.68.6.1.x86_64.rpm libgbm1-21.2.4-150400.68.6.1.x86_64.rpm libgbm1-32bit-21.2.4-150400.68.6.1.x86_64.rpm libvdpau_r300-21.2.4-150400.68.6.1.x86_64.rpm libvdpau_r600-21.2.4-150400.68.6.1.x86_64.rpm libvdpau_radeonsi-21.2.4-150400.68.6.1.x86_64.rpm libvulkan_intel-21.2.4-150400.68.6.1.x86_64.rpm libvulkan_lvp-21.2.4-150400.68.6.1.x86_64.rpm libvulkan_radeon-21.2.4-150400.68.6.1.x86_64.rpm libxatracker-devel-1.0.0-150400.68.6.1.x86_64.rpm libxatracker2-1.0.0-150400.68.6.1.x86_64.rpm Mesa-32bit-21.2.4-150400.68.6.1.x86_64.rpm Mesa-dri-32bit-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libEGL1-32bit-21.2.4-150400.68.6.1.x86_64.rpm Mesa-libGL1-32bit-21.2.4-150400.68.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3395 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ca-certificates-mozilla-2.56-150200.24.1.noarch.rpm ca-certificates-mozilla-2.56-150200.24.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3137 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 (bsc#1202807): - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.36.6: - Fixed handling of touchpad scrolling on GTK4 builds - Fixed WebKitGTK not allowing to be used from non-main threads (bsc#1202169). - Fixed several crashes and rendering issues libjavascriptcoregtk-4_0-18-2.36.7-150400.4.12.1.x86_64.rpm libwebkit2gtk-4_0-37-2.36.7-150400.4.12.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.36.7-150400.4.12.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.36.7-150400.4.12.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150400.4.12.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.36.7-150400.4.12.1.x86_64.rpm webkit2gtk3-soup2-2.36.7-150400.4.12.1.src.rpm webkit2gtk3-soup2-devel-2.36.7-150400.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3452 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) glibc-2.31-150300.41.1.src.rpm glibc-2.31-150300.41.1.x86_64.rpm glibc-devel-2.31-150300.41.1.x86_64.rpm glibc-extra-2.31-150300.41.1.x86_64.rpm glibc-i18ndata-2.31-150300.41.1.noarch.rpm glibc-info-2.31-150300.41.1.noarch.rpm glibc-lang-2.31-150300.41.1.noarch.rpm glibc-locale-2.31-150300.41.1.x86_64.rpm glibc-locale-base-2.31-150300.41.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.41.1.x86_64.rpm glibc-profile-2.31-150300.41.1.x86_64.rpm nscd-2.31-150300.41.1.x86_64.rpm glibc-32bit-2.31-150300.41.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3308 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issues: - imsm: support for third Sata controller (bsc#1201297) - mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297) mdadm-4.1-150300.24.18.1.src.rpm mdadm-4.1-150300.24.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3094 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libostree fixes the following issues: - CVE-2014-9862: Fixed a memory corruption issue that could be triggered when diffing binary files (bsc#1201770). libostree-1-1-2021.6-150400.3.3.1.x86_64.rpm libostree-2021.6-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3249 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for clamav fixes the following issues: clamav was updated to 0.103.7 (bsc#1202986) * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature "Intermediates" feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries. clamav-0.103.7-150000.3.41.1.src.rpm clamav-0.103.7-150000.3.41.1.x86_64.rpm clamav-devel-0.103.7-150000.3.41.1.x86_64.rpm libclamav9-0.103.7-150000.3.41.1.x86_64.rpm libfreshclam2-0.103.7-150000.3.41.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3229 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). - CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). - CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). vim-9.0.0313-150000.5.25.1.src.rpm vim-9.0.0313-150000.5.25.1.x86_64.rpm vim-data-9.0.0313-150000.5.25.1.noarch.rpm vim-data-common-9.0.0313-150000.5.25.1.noarch.rpm vim-small-9.0.0313-150000.5.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3304 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf libassuan-2.5.5-150000.4.3.1.src.rpm libassuan-devel-2.5.5-150000.4.3.1.x86_64.rpm libassuan0-2.5.5-150000.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3244 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976). - CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803). Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102). libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-4.15.8+git.527.8d0c05d313e-150400.3.14.1.src.rpm samba-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-client-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3153 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gdk-pixbuf fixes the following issues: Update to version 2.42.9: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633). Bugfixes: - Fixed loading of larger images (glgo#GNOME/gdk-pixbuf#216). - Avoided bashism in baselibs postscript (bsc#1195391). gdk-pixbuf-2.42.9-150400.5.6.1.src.rpm gdk-pixbuf-devel-2.42.9-150400.5.6.1.x86_64.rpm gdk-pixbuf-lang-2.42.9-150400.5.6.1.noarch.rpm gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1.x86_64.rpm gdk-pixbuf-query-loaders-32bit-2.42.9-150400.5.6.1.x86_64.rpm gdk-pixbuf-thumbnailer-2.42.9-150400.5.6.1.x86_64.rpm libgdk_pixbuf-2_0-0-2.42.9-150400.5.6.1.x86_64.rpm typelib-1_0-GdkPixbuf-2_0-2.42.9-150400.5.6.1.x86_64.rpm typelib-1_0-GdkPixdata-2_0-2.42.9-150400.5.6.1.x86_64.rpm libgdk_pixbuf-2_0-0-32bit-2.42.9-150400.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3301 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Mesa fixes the following issues: - Do not use 'iris' as default driver on Intel Gen8-11 hardware but 'i965'. (bsc#1202850) Mesa-21.2.4-150400.68.9.1.src.rpm Mesa-21.2.4-150400.68.9.1.x86_64.rpm Mesa-KHR-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-dri-21.2.4-150400.68.9.1.x86_64.rpm Mesa-dri-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-drivers-21.2.4-150400.68.9.1.src.rpm Mesa-gallium-21.2.4-150400.68.9.1.x86_64.rpm Mesa-gallium-32bit-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libEGL-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libEGL1-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGL-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGL1-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGLESv1_CM-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGLESv2-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGLESv3-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libVulkan-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libd3d-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libd3d-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libglapi-devel-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libglapi0-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libglapi0-32bit-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libva-21.2.4-150400.68.9.1.x86_64.rpm Mesa-vulkan-device-select-21.2.4-150400.68.9.1.x86_64.rpm Mesa-vulkan-overlay-21.2.4-150400.68.9.1.x86_64.rpm libOSMesa-devel-21.2.4-150400.68.9.1.x86_64.rpm libOSMesa8-21.2.4-150400.68.9.1.x86_64.rpm libgbm-devel-21.2.4-150400.68.9.1.x86_64.rpm libgbm1-21.2.4-150400.68.9.1.x86_64.rpm libgbm1-32bit-21.2.4-150400.68.9.1.x86_64.rpm libvdpau_r300-21.2.4-150400.68.9.1.x86_64.rpm libvdpau_r600-21.2.4-150400.68.9.1.x86_64.rpm libvdpau_radeonsi-21.2.4-150400.68.9.1.x86_64.rpm libvulkan_intel-21.2.4-150400.68.9.1.x86_64.rpm libvulkan_lvp-21.2.4-150400.68.9.1.x86_64.rpm libvulkan_radeon-21.2.4-150400.68.9.1.x86_64.rpm libxatracker-devel-1.0.0-150400.68.9.1.x86_64.rpm libxatracker2-1.0.0-150400.68.9.1.x86_64.rpm Mesa-32bit-21.2.4-150400.68.9.1.x86_64.rpm Mesa-dri-32bit-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libEGL1-32bit-21.2.4-150400.68.9.1.x86_64.rpm Mesa-libGL1-32bit-21.2.4-150400.68.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3271 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). perl-5.26.1-150300.17.11.1.src.rpm perl-5.26.1-150300.17.11.1.x86_64.rpm perl-base-5.26.1-150300.17.11.1.x86_64.rpm perl-core-DB_File-5.26.1-150300.17.11.1.x86_64.rpm perl-base-32bit-5.26.1-150300.17.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3248 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qpdf fixes the following issues: - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). libqpdf26-9.0.2-150200.3.3.1.x86_64.rpm qpdf-9.0.2-150200.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3551 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] libgcrypt-1.9.4-150400.6.5.1.src.rpm libgcrypt-devel-1.9.4-150400.6.5.1.x86_64.rpm libgcrypt20-1.9.4-150400.6.5.1.x86_64.rpm libgcrypt20-32bit-1.9.4-150400.6.5.1.x86_64.rpm libgcrypt20-hmac-1.9.4-150400.6.5.1.x86_64.rpm libgcrypt20-hmac-32bit-1.9.4-150400.6.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3292 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081). libruby2_5-2_5-2.5.9-150000.4.26.1.x86_64.rpm ruby2.5-2.5.9-150000.4.26.1.src.rpm ruby2.5-2.5.9-150000.4.26.1.x86_64.rpm ruby2.5-devel-2.5.9-150000.4.26.1.x86_64.rpm ruby2.5-devel-extra-2.5.9-150000.4.26.1.x86_64.rpm ruby2.5-stdlib-2.5.9-150000.4.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3678 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kdump fixes the following issues: - Fix broken URL in manpage (bsc#1187312) - Fix network-related dracut options handling for fadump case (bsc#1201051) - use inst_binary to install kdump-save (bsc#1202981) kdump-1.0.2+git14.gb49d4a3-150400.3.5.1.src.rpm kdump-1.0.2+git14.gb49d4a3-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3556 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for nvme-stas fixes the following issues: Update from version 1.0 to version 1.1.6 (bsc#1200128, jsc#SLE-24805): - Added systemd service file (service disabled) - Install everything under `/usr/lib` instead of `/usr/lib64` - conf: Enable sticky-connections by default - doc: Troubleshoot guide for missing mDNS packets - doc: Update README.md - stacd: Add configuration parameter 'sticky-connections' - stacd: Fix D-Bus race condition between stacd and stafd - stacd: Allow disabling nvme-cli auto-connect udev rule - stacd: Audit connections - stacd: Fix I/O controller connection audits - stacd: Fix defered call to remove_controller() with wrong arguments - stafd, stacd: Add man page to systend service file. - staslib: Fix cback function deleting object that called the cback - staslib: Add override support - staslib: Calling wrong cback function on controller removal - staslib: Check that async operation hasn't been cancelled before proceeding - staslib: Fix race conditions during controller object removal - staslib: Fix support for fibre channel - staslib: Make sure controller object gets "purged" when removed - systemd: Add explicit dependency to modprobe@nvme_fabrics.service - udev: Fix I/O controller scan & detect algorithm nvme-stas-1.1.6-150400.3.3.1.src.rpm nvme-stas-1.1.6-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3293 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041). - CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623). - CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455). - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685). - CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702). - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to became root (bnc#1200015). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of "no sensors" (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - merge quirk tables (git-fies). - Input: i8042 - move __initconst to fix code styling warning (git-fies). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (git-fixes). - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). - bitfield.h: Fix "type of reg too small for mask" test (git-fixes). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - device property: Check fwnode->secondary when finding properties (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector unplug" (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kcm: fix strp_init() order and cleanup (git-fies). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around "landlock-ruleset" (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fies). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - net: asix: fix "can't send until first packet is send" issue (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix "do not use PHY_DETECT on internal PHY's" (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure" (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/stp: clock_delta should be signed (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with "remove" access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Have filter accept "common_cpu" to be consistent (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: add back sanity check (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - xen/gntdev: fix unmap notification order (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: revert "xfs: actually bump warning counts when we send warnings" (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). kernel-default-5.14.21-150400.24.21.2.nosrc.rpm True kernel-default-5.14.21-150400.24.21.2.x86_64.rpm True kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2.src.rpm True kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.21.2.x86_64.rpm True kernel-devel-5.14.21-150400.24.21.2.noarch.rpm True kernel-macros-5.14.21-150400.24.21.2.noarch.rpm True kernel-source-5.14.21-150400.24.21.2.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3767 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689). - Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250). - Feature Changes: - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. - Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system. - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed. - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed. - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated. - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600) bind-9.16.33-150400.5.11.1.src.rpm bind-utils-9.16.33-150400.5.11.1.x86_64.rpm python3-bind-9.16.33-150400.5.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4019 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) apparmor-3.0.4-150400.5.3.1.src.rpm apparmor-abstractions-3.0.4-150400.5.3.1.noarch.rpm apparmor-docs-3.0.4-150400.5.3.1.noarch.rpm apparmor-parser-3.0.4-150400.5.3.1.x86_64.rpm apparmor-parser-lang-3.0.4-150400.5.3.1.noarch.rpm apparmor-profiles-3.0.4-150400.5.3.1.noarch.rpm apparmor-utils-3.0.4-150400.5.3.1.noarch.rpm apparmor-utils-lang-3.0.4-150400.5.3.1.noarch.rpm libapparmor-3.0.4-150400.5.3.1.src.rpm libapparmor-devel-3.0.4-150400.5.3.1.x86_64.rpm libapparmor1-3.0.4-150400.5.3.1.x86_64.rpm libapparmor1-32bit-3.0.4-150400.5.3.1.x86_64.rpm pam_apparmor-3.0.4-150400.5.3.1.x86_64.rpm pam_apparmor-32bit-3.0.4-150400.5.3.1.x86_64.rpm python3-apparmor-3.0.4-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4135 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call "syntax" for checking the configuration files only. Returns an error string with line number if error. New options "--comment" and "--delimeters" libeconf-0.4.6+git20220427.3016f4e-150400.3.3.1.src.rpm libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4226 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests libsuseconnect-1.0.0~git0.faee7c196dc1-150400.3.7.3.x86_64.rpm suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3.src.rpm suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3.x86_64.rpm suseconnect-ruby-bindings-1.0.0~git0.faee7c196dc1-150400.3.7.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3822 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for adcli fixes the following issues: - Remove errx() calls on error conditions to execute the cleanup function and delete the krb5 snippets created in /tmp (bsc#1202647) - Set umask before calling mkdtemp (bsc#1202647) adcli-0.8.2-150400.17.3.1.src.rpm adcli-0.8.2-150400.17.3.1.x86_64.rpm adcli-doc-0.8.2-150400.17.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3427 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for osinfo-db fixes the following issues: - Fail to deploy sle15sp5 guest via virt-install with osinfo (bsc#1202827) - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 - Update to database version 20220516 osinfo-db-20220727-150400.3.6.1.noarch.rpm osinfo-db-20220727-150400.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3307 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). sqlite was updated to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. Update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] Update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. Update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. Update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release Update to 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key Update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. Update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). Update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. Update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like "--wrap N", "--wordwrap on", and "--quote" to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON Update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change Update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. Updated to 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. libsqlite3-0-3.39.3-150000.3.17.1.x86_64.rpm sqlite3-3.39.3-150000.3.17.1.src.rpm sqlite3-3.39.3-150000.3.17.1.x86_64.rpm sqlite3-devel-3.39.3-150000.3.17.1.x86_64.rpm sqlite3-tcl-3.39.3-150000.3.17.1.x86_64.rpm libsqlite3-0-32bit-3.39.3-150000.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3247 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bluez fixes the following issues: - CVE-2022-0204: Fixed check if the prepare writes would append more than the allowed maximum attribute length (bsc#1194704). bluez-5.62-150400.4.5.1.src.rpm bluez-5.62-150400.4.5.1.x86_64.rpm bluez-deprecated-5.62-150400.4.5.1.x86_64.rpm libbluetooth3-5.62-150400.4.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3305 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). libtirpc-1.2.6-150300.3.14.1.src.rpm libtirpc-devel-1.2.6-150300.3.14.1.x86_64.rpm libtirpc-netconfig-1.2.6-150300.3.14.1.x86_64.rpm libtirpc3-1.2.6-150300.3.14.1.x86_64.rpm libtirpc3-32bit-1.2.6-150300.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3522 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for python-python-editor fixes the following issues: Version update from 1.0.3 to 1.0.4 (jsc#SLE-24984): - Clarify package summary and description - Remove superfluous devel dependency for noarch package python-python-editor-1.0.4-150400.11.3.1.src.rpm python3-python-editor-1.0.4-150400.11.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3306 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libarchive fixes the following issues: - CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system (bsc#1192425). libarchive-3.5.1-150400.3.6.1.src.rpm libarchive-devel-3.5.1-150400.3.6.1.x86_64.rpm libarchive13-3.5.1-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4020 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl setting work (bsc#1199856) nfs-client-2.1.1-150100.10.27.1.x86_64.rpm nfs-doc-2.1.1-150100.10.27.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.27.1.x86_64.rpm nfs-utils-2.1.1-150100.10.27.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3353 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). permissions-20201225-150400.5.11.1.src.rpm permissions-20201225-150400.5.11.1.x86_64.rpm permissions-zypp-plugin-20201225-150400.5.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3316 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - FIPS: Zeroize the calculated hmac and new_hmac in the check_binary_integrity() function. [bsc#1191021] - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC and non-approved in gnutls_pbkfd2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkfd2(). - FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy gnutls-3.7.3-150400.4.13.1.src.rpm gnutls-3.7.3-150400.4.13.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.13.1.x86_64.rpm libgnutls30-3.7.3-150400.4.13.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.13.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.13.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.13.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.13.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3684 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for celt, jack, libogg, libtheora fixes the following issue: - celt, jack, libogg, libtheora 32bit base libraries are shipped to meet dependencies of the ffmpeg 32bit libraries (bsc#1198925). Also two bugs in jack were fixed (bsc#1132458 bsc#1108981). libogg-1.3.2-150000.3.4.1.src.rpm libogg-devel-1.3.2-150000.3.4.1.x86_64.rpm libogg0-1.3.2-150000.3.4.1.x86_64.rpm libtheora-1.1.1-150000.3.3.1.src.rpm libtheoradec1-1.1.1-150000.3.3.1.x86_64.rpm libtheoraenc1-1.1.1-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3309 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop (bsc#1203388). - CVE-2021-4186: Fixed Gryphon dissector crash (bsc#1194165). libwireshark15-3.6.8-150000.3.74.1.x86_64.rpm libwiretap12-3.6.8-150000.3.74.1.x86_64.rpm libwsutil13-3.6.8-150000.3.74.1.x86_64.rpm wireshark-3.6.8-150000.3.74.1.src.rpm wireshark-3.6.8-150000.3.74.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3328 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) jitterentropy-3.4.0-150000.1.6.1.src.rpm jitterentropy-devel-3.4.0-150000.1.6.1.x86_64.rpm jitterentropy-devel-32bit-3.4.0-150000.1.6.1.x86_64.rpm jitterentropy-devel-static-3.4.0-150000.1.6.1.x86_64.rpm libjitterentropy3-3.4.0-150000.1.6.1.x86_64.rpm libjitterentropy3-32bit-3.4.0-150000.1.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3972 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for p7zip fixes the following issue: - Ship p7zip-full to SLE15-SP3 basesystem (bsc#1203316). p7zip-16.02-150200.14.9.2.src.rpm p7zip-16.02-150200.14.9.2.x86_64.rpm p7zip-full-16.02-150200.14.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3486 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cosign fixes the following issues: Updated to version 1.12.0 (jsc#SLE-23879): - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430). cosign-1.12.0-150400.3.6.1.src.rpm cosign-1.12.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3447 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This recommended update for myspell-dictionaries provides: - Deliver missing myspell-de_CH and myspell-de_AT to the SUSE Linux Enterprise Basesystem Module. (bsc#1203307) - There are NO code changes. myspell-de-20191219-150000.3.25.1.noarch.rpm myspell-de_AT-20191219-150000.3.25.1.noarch.rpm myspell-de_CH-20191219-150000.3.25.1.noarch.rpm myspell-de_DE-20191219-150000.3.25.1.noarch.rpm myspell-dictionaries-20191219-150000.3.25.1.src.rpm myspell-dictionaries-20191219-150000.3.25.1.x86_64.rpm myspell-en-20191219-150000.3.25.1.noarch.rpm myspell-en_US-20191219-150000.3.25.1.noarch.rpm myspell-es-20191219-150000.3.25.1.noarch.rpm myspell-es_ES-20191219-150000.3.25.1.noarch.rpm myspell-hu_HU-20191219-150000.3.25.1.noarch.rpm myspell-lightproof-en-20191219-150000.3.25.1.x86_64.rpm myspell-lightproof-hu_HU-20191219-150000.3.25.1.x86_64.rpm myspell-lightproof-pt_BR-20191219-150000.3.25.1.x86_64.rpm myspell-lightproof-ru_RU-20191219-150000.3.25.1.x86_64.rpm myspell-nb_NO-20191219-150000.3.25.1.noarch.rpm myspell-no-20191219-150000.3.25.1.noarch.rpm myspell-pt_BR-20191219-150000.3.25.1.noarch.rpm myspell-ro-20191219-150000.3.25.1.noarch.rpm myspell-ro_RO-20191219-150000.3.25.1.noarch.rpm myspell-ru_RU-20191219-150000.3.25.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3663 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] libopenssl-1_1-devel-1.1.1l-150400.7.10.5.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.10.5.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.10.5.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.10.5.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.10.5.x86_64.rpm openssl-1_1-1.1.1l-150400.7.10.5.src.rpm openssl-1_1-1.1.1l-150400.7.10.5.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3673 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642). jasper-2.0.14-150000.3.28.1.src.rpm libjasper4-2.0.14-150000.3.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3400 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcaca fixes the following issues: - CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731). libcaca-0.99.beta19.git20171003-150200.11.9.1.src.rpm libcaca-devel-0.99.beta19.git20171003-150200.11.9.1.x86_64.rpm libcaca0-0.99.beta19.git20171003-150200.11.9.1.x86_64.rpm libcaca0-plugins-0.99.beta19.git20171003-150200.11.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-97 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for installation-images fixes the following issues: Fix Bengali font issue: switch from MuktiNarrow.ttf to Mukti.ttf (bsc#1202083, bsc#1197977) installation-images-SLES-16.57.25-150400.3.6.4.src.rpm tftpboot-installation-SLE-15-SP4-aarch64-16.57.25-150400.3.6.4.noarch.rpm tftpboot-installation-SLE-15-SP4-ppc64le-16.57.25-150400.3.6.4.noarch.rpm tftpboot-installation-SLE-15-SP4-s390x-16.57.25-150400.3.6.4.noarch.rpm tftpboot-installation-SLE-15-SP4-x86_64-16.57.25-150400.3.6.4.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4370 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) rsyslog-8.2106.0-150400.5.11.1.src.rpm rsyslog-8.2106.0-150400.5.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4239 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for plymouth fixes the following issues: - Remove typo on patch to clear dracut 'command not found' error (bsc#1203147). libply-boot-client5-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm libply-splash-core5-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm libply5-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-0.9.5~git20210406.e554475-150400.3.8.1.src.rpm plymouth-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-devel-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-dracut-0.9.5~git20210406.e554475-150400.3.8.1.noarch.rpm plymouth-lang-0.9.5~git20210406.e554475-150400.3.8.1.noarch.rpm plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.8.1.x86_64.rpm plymouth-scripts-0.9.5~git20210406.e554475-150400.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3812 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sudo fixes the following issues: - Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578). sudo-1.9.9-150400.4.3.1.src.rpm sudo-1.9.9-150400.4.3.1.x86_64.rpm sudo-devel-1.9.9-150400.4.3.1.x86_64.rpm sudo-plugin-python-1.9.9-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4387 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libteam fixes the following issues: - Set ports priority to local and kernel configurations (bsc#1200505) libteam-1.27-150000.4.6.1.src.rpm libteam-devel-1.27-150000.4.6.1.x86_64.rpm libteam5-1.27-150000.4.6.1.x86_64.rpm libteamdctl0-1.27-150000.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3520 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for dmidecode fixes the following issues: Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411): - Add bios-revision, firmware-revision and system-sku-number to `-s` option - Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240 - Decode system slot base bus width and peers - Document how the UUID fields are interpreted - Don't display the raw CPU ID in quiet mode - Don't use memcpy on /dev/mem on arm64 - Fix OEM vendor name matching - Fix small typo in NEWS file - Improve the formatting of the manual pages - Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases - Skip details of uninstalled memory modules - Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memor module extended speed, new system slot types, new processor characteristic and new format of Processor ID - Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information) - Use the most appropriate unit for cache size dmidecode-3.4-150400.16.3.1.src.rpm dmidecode-3.4-150400.16.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3521 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) device-mapper-1.02.163-150400.178.1.x86_64.rpm device-mapper-devel-1.02.163-150400.178.1.x86_64.rpm libdevmapper-event1_03-1.02.163-150400.178.1.x86_64.rpm libdevmapper1_03-1.02.163-150400.178.1.x86_64.rpm liblvm2cmd2_03-2.03.05-150400.178.1.x86_64.rpm lvm2-2.03.05-150400.178.1.src.rpm lvm2-2.03.05-150400.178.1.x86_64.rpm lvm2-devel-2.03.05-150400.178.1.x86_64.rpm lvm2-device-mapper-2.03.05-150400.178.1.src.rpm libdevmapper1_03-32bit-1.02.163-150400.178.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4299 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dconf fixes the following issues: - Re-enable fix for `dconf update` to restore correct permissions on db files (bsc#971074, bsc#1203344) dconf-0.40.0-150400.3.3.2.src.rpm dconf-0.40.0-150400.3.3.2.x86_64.rpm gsettings-backend-dconf-0.40.0-150400.3.3.2.x86_64.rpm libdconf1-0.40.0-150400.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3908 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). gstreamer-plugins-good-1.20.1-150400.3.3.1.src.rpm gstreamer-plugins-good-1.20.1-150400.3.3.1.x86_64.rpm gstreamer-plugins-good-lang-1.20.1-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3904 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) openssh-8.4p1-150300.3.12.2.src.rpm openssh-8.4p1-150300.3.12.2.x86_64.rpm openssh-clients-8.4p1-150300.3.12.2.x86_64.rpm openssh-common-8.4p1-150300.3.12.2.x86_64.rpm openssh-fips-8.4p1-150300.3.12.2.x86_64.rpm openssh-helpers-8.4p1-150300.3.12.2.x86_64.rpm openssh-server-8.4p1-150300.3.12.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3845 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable "Automatic TPM Disk Unlock" mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) grub2-2.06-150400.11.12.1.src.rpm grub2-2.06-150400.11.12.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.12.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.12.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.12.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3399 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for unzip fixes the following issues: - CVE-2022-0530: Fixed SIGSEGV during the conversion of an utf-8 string to a local string (bsc#1196177). - CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string (bsc#1196180) unzip-6.00-150000.4.11.1.src.rpm unzip-6.00-150000.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4261 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for libvpd fixes the following issues: libvpd: - New package at version 2.2.9 needed by lsvpd (jsc#SLE-25107, jsc#SLE-24497) libvpd-2.2.9-150200.5.3.1.src.rpm libvpd-2_2-3-2.2.9-150200.5.3.1.x86_64.rpm libvpd-base-2.2.9-150200.5.3.1.x86_64.rpm libvpd-devel-2.2.9-150200.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-30 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). tcl-8.6.12-150300.14.6.1.src.rpm tcl-8.6.12-150300.14.6.1.x86_64.rpm tcl-devel-8.6.12-150300.14.6.1.x86_64.rpm tcl-32bit-8.6.12-150300.14.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3496 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for colord fixes the following issues: - CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802). colord-1.4.5-150400.4.3.1.src.rpm libcolord2-1.4.5-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3488 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. libjavascriptcoregtk-4_0-18-2.36.8-150400.4.15.1.x86_64.rpm libwebkit2gtk-4_0-37-2.36.8-150400.4.15.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.36.8-150400.4.15.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.36.8-150400.4.15.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150400.4.15.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.36.8-150400.4.15.1.x86_64.rpm webkit2gtk3-soup2-2.36.8-150400.4.15.1.src.rpm webkit2gtk3-soup2-devel-2.36.8-150400.4.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4238 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rekor fixes the following issues: - updated to rekor 0.12.0 (jsc#SLE-23476) - enable server build rekor-0.12.0-150400.4.3.1.src.rpm rekor-0.12.0-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4236 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). linux-glibc-devel-5.14-150400.6.3.1.src.rpm linux-glibc-devel-5.14-150400.6.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4137 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-http-server fixes the following issue: - Find out php version dynamically to avoid hardcoded version (bsc#1200016) yast2-http-server-4.4.2-150400.3.3.1.noarch.rpm yast2-http-server-4.4.2-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4021 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issues: - Add EXTRAVERSION as make argument on build (jsc#SLE-24761, bsc#1193566) mdadm-4.1-150300.24.21.1.src.rpm mdadm-4.1-150300.24.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3974 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. libblkid-devel-2.37.2-150400.8.8.1.x86_64.rpm libblkid-devel-static-2.37.2-150400.8.8.1.x86_64.rpm libblkid1-2.37.2-150400.8.8.1.x86_64.rpm libfdisk-devel-2.37.2-150400.8.8.1.x86_64.rpm libfdisk1-2.37.2-150400.8.8.1.x86_64.rpm libmount-devel-2.37.2-150400.8.8.1.x86_64.rpm libmount1-2.37.2-150400.8.8.1.x86_64.rpm libsmartcols-devel-2.37.2-150400.8.8.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.8.1.x86_64.rpm libuuid-devel-2.37.2-150400.8.8.1.x86_64.rpm libuuid-devel-static-2.37.2-150400.8.8.1.x86_64.rpm libuuid1-2.37.2-150400.8.8.1.x86_64.rpm util-linux-2.37.2-150400.8.8.1.src.rpm util-linux-2.37.2-150400.8.8.1.x86_64.rpm util-linux-lang-2.37.2-150400.8.8.1.noarch.rpm util-linux-systemd-2.37.2-150400.8.8.1.src.rpm util-linux-systemd-2.37.2-150400.8.8.1.x86_64.rpm libblkid1-32bit-2.37.2-150400.8.8.1.x86_64.rpm libmount1-32bit-2.37.2-150400.8.8.1.x86_64.rpm libuuid1-32bit-2.37.2-150400.8.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3748 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Fix 'test_ipc' unit test - Fix Syndic authentication errors (bsc#1199562) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Fix the regression in schedule module released in version 3004 (bsc#1202631) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) python3-salt-3004-150400.8.14.1.x86_64.rpm True salt-3004-150400.8.14.1.src.rpm True salt-3004-150400.8.14.1.x86_64.rpm True salt-bash-completion-3004-150400.8.14.1.noarch.rpm True salt-doc-3004-150400.8.14.1.x86_64.rpm True salt-minion-3004-150400.8.14.1.x86_64.rpm True salt-zsh-completion-3004-150400.8.14.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3489 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). expat-2.4.4-150400.3.9.1.src.rpm expat-2.4.4-150400.3.9.1.x86_64.rpm libexpat-devel-2.4.4-150400.3.9.1.x86_64.rpm libexpat1-2.4.4-150400.3.9.1.x86_64.rpm libexpat1-32bit-2.4.4-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3867 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-23385: Fixed open redirect (bsc#1202105). python-Flask-Security-Too-3.4.2-150200.3.6.1.src.rpm python3-Flask-Security-Too-3.4.2-150200.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3745 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for golang-github-prometheus-node_exporter fixes the following issues: (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698) golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1.src.rpm golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3730 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass (bsc#1111151). Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603). python-paramiko-2.4.3-150100.6.15.1.src.rpm python3-paramiko-2.4.3-150100.6.15.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3544 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). libpython3_6m1_0-3.6.15-150300.10.30.1.x86_64.rpm python3-3.6.15-150300.10.30.1.src.rpm python3-3.6.15-150300.10.30.1.x86_64.rpm python3-base-3.6.15-150300.10.30.1.x86_64.rpm python3-core-3.6.15-150300.10.30.1.src.rpm python3-curses-3.6.15-150300.10.30.1.x86_64.rpm python3-dbm-3.6.15-150300.10.30.1.x86_64.rpm python3-devel-3.6.15-150300.10.30.1.x86_64.rpm python3-idle-3.6.15-150300.10.30.1.x86_64.rpm python3-tk-3.6.15-150300.10.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3910 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) pam-1.3.0-150000.6.61.1.src.rpm pam-1.3.0-150000.6.61.1.x86_64.rpm pam-devel-1.3.0-150000.6.61.1.x86_64.rpm pam-doc-1.3.0-150000.6.61.1.noarch.rpm pam-extra-1.3.0-150000.6.61.1.x86_64.rpm pam-32bit-1.3.0-150000.6.61.1.x86_64.rpm pam-extra-32bit-1.3.0-150000.6.61.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4235 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-users fixes the following issues: - AutoYaST: Fix creation of home for system users (bsc#1202974) yast2-users-4.4.12-150400.3.6.1.src.rpm yast2-users-4.4.12-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3595 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for certmonger fixes the following issues: - Use "pkgconfig(systemd)" for the BR to allow hacksaw systemd-mini package to satisfy dependencies in the openSUSE Build Service. - Add buildrequires on systemd which is required for correct installation of the .service file. - Update to 0.79.13 (bsc#1197745) certmonger-0.79.13-150400.3.3.1.src.rpm certmonger-0.79.13-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3731 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255) python-waitress-1.4.3-150000.3.6.1.src.rpm python3-waitress-1.4.3-150000.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3795 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) qemu-6.2.0-150400.37.8.2.src.rpm qemu-tools-6.2.0-150400.37.8.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3991 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dhcp fixes the following issues: - CVE-2022-2928: Fixed an option refcount overflow (bsc#1203988). - CVE-2022-2929: Fixed a DHCP memory leak (bsc#1203989). dhcp-4.3.6.P1-150000.6.17.1.src.rpm dhcp-4.3.6.P1-150000.6.17.1.x86_64.rpm dhcp-client-4.3.6.P1-150000.6.17.1.x86_64.rpm dhcp-devel-4.3.6.P1-150000.6.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3844 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). kernel-default-5.14.21-150400.24.28.1.nosrc.rpm True kernel-default-5.14.21-150400.24.28.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5.src.rpm True kernel-default-base-5.14.21-150400.24.28.1.150400.24.9.5.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.28.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.28.1.noarch.rpm True kernel-macros-5.14.21-150400.24.28.1.noarch.rpm True kernel-source-5.14.21-150400.24.28.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3922 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) libprotobuf-lite20-3.9.2-150200.4.19.2.x86_64.rpm libprotobuf20-3.9.2-150200.4.19.2.x86_64.rpm protobuf-3.9.2-150200.4.19.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3564 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US" - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined libzypp-17.31.2-150400.3.9.1.src.rpm True libzypp-17.31.2-150400.3.9.1.x86_64.rpm True libzypp-devel-17.31.2-150400.3.9.1.x86_64.rpm True zypper-1.14.57-150400.3.9.1.src.rpm True zypper-1.14.57-150400.3.9.1.x86_64.rpm True zypper-log-1.14.57-150400.3.9.1.noarch.rpm True zypper-needs-restarting-1.14.57-150400.3.9.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4205 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. libsnmp40-5.9.3-150300.15.3.1.x86_64.rpm net-snmp-5.9.3-150300.15.3.1.src.rpm net-snmp-5.9.3-150300.15.3.1.x86_64.rpm net-snmp-devel-5.9.3-150300.15.3.1.x86_64.rpm perl-SNMP-5.9.3-150300.15.3.1.x86_64.rpm snmp-mibs-5.9.3-150300.15.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3979 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). python-Mako-1.0.7-150000.3.3.1.src.rpm python3-Mako-1.0.7-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3881 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - Ship Ubuntu 2204 profiles. - ComplianceAsCode was updated to 0.1.64 (jsc#ECO-3319): - Introduce OL9 stig and anssi profiles - Update RHEL8 STIG to V1R7 - Introduce e8 profile for OL9 - Update RHEL7 STIG to V3R8 - some SUSE profile fixes - Added several RPM requires that are needed by the SUSE remediation scripts. scap-security-guide-0.1.64-150000.1.50.1.noarch.rpm scap-security-guide-0.1.64-150000.1.50.1.src.rpm scap-security-guide-debian-0.1.64-150000.1.50.1.noarch.rpm scap-security-guide-redhat-0.1.64-150000.1.50.1.noarch.rpm scap-security-guide-ubuntu-0.1.64-150000.1.50.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3727 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). Bugfixes: - Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). xen-4.16.2_06-150400.4.11.1.src.rpm xen-libs-4.16.2_06-150400.4.11.1.x86_64.rpm xen-tools-domU-4.16.2_06-150400.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4062 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) libusb-1_0-0-1.0.24-150400.3.3.1.x86_64.rpm libusb-1_0-1.0.24-150400.3.3.1.src.rpm libusb-1_0-devel-1.0.24-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3670 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) libzck1-1.1.16-150400.3.2.1.x86_64.rpm zchunk-1.1.16-150400.3.2.1.src.rpm zchunk-1.1.16-150400.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3806 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). dbus-1-1.12.2-150400.18.5.1.src.rpm True dbus-1-1.12.2-150400.18.5.1.x86_64.rpm True dbus-1-devel-1.12.2-150400.18.5.1.x86_64.rpm True dbus-1-x11-1.12.2-150400.18.5.1.src.rpm True dbus-1-x11-1.12.2-150400.18.5.1.x86_64.rpm True libdbus-1-3-1.12.2-150400.18.5.1.x86_64.rpm True libdbus-1-3-32bit-1.12.2-150400.18.5.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-3872 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cepces fixes the following issues: - Fix cepces won't compile on SLE15SP5. (bsc#1203273) cepces-0.3.4-150400.3.3.1.noarch.rpm cepces-0.3.4-150400.3.3.1.src.rpm cepces-certmonger-0.3.4-150400.3.3.1.noarch.rpm python3-cepces-0.3.4-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3690 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). libtiff-devel-4.0.9-150000.45.16.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.16.1.x86_64.rpm libtiff5-4.0.9-150000.45.16.1.x86_64.rpm tiff-4.0.9-150000.45.16.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3843 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226). - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714) - CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714) libopenssl-3-devel-3.0.1-150400.4.11.1.x86_64.rpm libopenssl3-3.0.1-150400.4.11.1.x86_64.rpm openssl-3-3.0.1-150400.4.11.1.src.rpm openssl-3-3.0.1-150400.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3799 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146) - FIPS: Make XTS key check failure not fatal (bsc#1203779) gnutls-3.7.3-150400.4.16.1.src.rpm gnutls-3.7.3-150400.4.16.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.16.1.x86_64.rpm libgnutls30-3.7.3-150400.4.16.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.16.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.16.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.16.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.16.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4256 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the "Development Tools" module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html gcc12-12.2.1+git416-150000.1.5.1.src.rpm libasan8-12.2.1+git416-150000.1.5.1.x86_64.rpm libasan8-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libatomic1-12.2.1+git416-150000.1.5.1.x86_64.rpm libatomic1-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libgcc_s1-12.2.1+git416-150000.1.5.1.x86_64.rpm libgcc_s1-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libgfortran5-12.2.1+git416-150000.1.5.1.x86_64.rpm libgfortran5-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libgomp1-12.2.1+git416-150000.1.5.1.x86_64.rpm libgomp1-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libitm1-12.2.1+git416-150000.1.5.1.x86_64.rpm libitm1-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm liblsan0-12.2.1+git416-150000.1.5.1.x86_64.rpm libobjc4-12.2.1+git416-150000.1.5.1.x86_64.rpm libobjc4-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libquadmath0-12.2.1+git416-150000.1.5.1.x86_64.rpm libquadmath0-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libstdc++6-12.2.1+git416-150000.1.5.1.x86_64.rpm libstdc++6-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libstdc++6-locale-12.2.1+git416-150000.1.5.1.x86_64.rpm libstdc++6-pp-12.2.1+git416-150000.1.5.1.x86_64.rpm libstdc++6-pp-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm libtsan2-12.2.1+git416-150000.1.5.1.x86_64.rpm libubsan1-12.2.1+git416-150000.1.5.1.x86_64.rpm libubsan1-32bit-12.2.1+git416-150000.1.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3963 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sssd fixes the following issues: - Fix the 'No matching host rule found' error in sdap_access_host (bsc#1202559) libipa_hbac-devel-2.5.2-150400.4.11.1.x86_64.rpm libipa_hbac0-2.5.2-150400.4.11.1.x86_64.rpm libsss_certmap-devel-2.5.2-150400.4.11.1.x86_64.rpm libsss_certmap0-2.5.2-150400.4.11.1.x86_64.rpm libsss_idmap-devel-2.5.2-150400.4.11.1.x86_64.rpm libsss_idmap0-2.5.2-150400.4.11.1.x86_64.rpm libsss_nss_idmap-devel-2.5.2-150400.4.11.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150400.4.11.1.x86_64.rpm libsss_simpleifp-devel-2.5.2-150400.4.11.1.x86_64.rpm libsss_simpleifp0-2.5.2-150400.4.11.1.x86_64.rpm python3-sssd-config-2.5.2-150400.4.11.1.x86_64.rpm sssd-2.5.2-150400.4.11.1.src.rpm sssd-2.5.2-150400.4.11.1.x86_64.rpm sssd-ad-2.5.2-150400.4.11.1.x86_64.rpm sssd-common-2.5.2-150400.4.11.1.x86_64.rpm sssd-common-32bit-2.5.2-150400.4.11.1.x86_64.rpm sssd-dbus-2.5.2-150400.4.11.1.x86_64.rpm sssd-ipa-2.5.2-150400.4.11.1.x86_64.rpm sssd-kcm-2.5.2-150400.4.11.1.x86_64.rpm sssd-krb5-2.5.2-150400.4.11.1.x86_64.rpm sssd-krb5-common-2.5.2-150400.4.11.1.x86_64.rpm sssd-ldap-2.5.2-150400.4.11.1.x86_64.rpm sssd-proxy-2.5.2-150400.4.11.1.x86_64.rpm sssd-tools-2.5.2-150400.4.11.1.x86_64.rpm sssd-winbind-idmap-2.5.2-150400.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3692 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). libxml2-2-2.9.14-150400.5.10.1.x86_64.rpm libxml2-2.9.14-150400.5.10.1.src.rpm libxml2-devel-2.9.14-150400.5.10.1.x86_64.rpm libxml2-python-2.9.14-150400.5.10.1.src.rpm libxml2-tools-2.9.14-150400.5.10.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.10.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3995 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jackson-databind fixes the following issues: Update to version 2.13.4.2: - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370). - CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369). jackson-databind-2.13.4.2-150200.3.12.1.noarch.rpm jackson-databind-2.13.4.2-150200.3.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3683 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). libksba-1.3.5-150000.4.3.1.src.rpm libksba-devel-1.3.5-150000.4.3.1.x86_64.rpm libksba8-1.3.5-150000.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4066 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z timezone-2022f-150000.75.15.1.src.rpm timezone-2022f-150000.75.15.1.x86_64.rpm timezone-java-2022f-150000.75.15.1.noarch.rpm timezone-java-2022f-150000.75.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3851 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsync fixes the following issues: - Fix regression with `--delay-updates` where files never update after interruption (bsc#1204538) - Add support for `--trust-sender` parameter (bsc#1202970) rsync-3.2.3-150400.3.8.1.src.rpm rsync-3.2.3-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4491 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you’re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS libsodium-1.0.18-150000.4.6.1.src.rpm libsodium-devel-1.0.18-150000.4.6.1.x86_64.rpm libsodium23-1.0.18-150000.4.6.1.x86_64.rpm libsodium23-32bit-1.0.18-150000.4.6.1.x86_64.rpm python-PyNaCl-1.4.0-150000.3.6.6.src.rpm python-sphinx_rtd_theme-0.5.1-150000.3.5.1.src.rpm python3-PyNaCl-1.4.0-150000.3.6.6.x86_64.rpm python3-sphinx_rtd_theme-0.5.1-150000.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3932 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676). python-rsa-3.4.2-150000.3.7.1.src.rpm python3-rsa-3.4.2-150000.3.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4233 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for publicsuffix fixes the following issues: - Update to version 20220903 publicsuffix-20220903-150000.3.12.1.noarch.rpm publicsuffix-20220903-150000.3.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4232 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for llvm11 fixes the following issues: - The LLVM test suite expects specific compressed binary payload but with IBM z HW compression that payload can vary and not match the software implementation, fixes testsuite errors (bsc#1189602) libLLVM11-11.0.1-150300.3.3.1.x86_64.rpm libLLVM11-32bit-11.0.1-150300.3.3.1.x86_64.rpm libc++-devel-11.0.1-150300.3.3.1.x86_64.rpm libc++1-11.0.1-150300.3.3.1.x86_64.rpm libc++abi-devel-11.0.1-150300.3.3.1.x86_64.rpm libc++abi1-11.0.1-150300.3.3.1.x86_64.rpm llvm11-11.0.1-150300.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4133 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-webencodings fixes the following issue: - Loose the filelist for the package info to avoid build failure (bsc#1203743) python-webencodings-0.5.1-150000.3.3.1.src.rpm python3-webencodings-0.5.1-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4049 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme fixes the following issues: - Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) - Subsystem scanning logic - Fabrics improvements libnvme-1.0-150400.3.6.1.src.rpm libnvme-devel-1.0-150400.3.6.1.x86_64.rpm libnvme1-1.0-150400.3.6.1.x86_64.rpm python3-libnvme-1.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4200 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-DBD-SQLite fixes the following issues: - Fixed a failing test when comparing lowercase data (bsc#1203742) perl-DBD-SQLite-1.66-150300.3.6.1.src.rpm perl-DBD-SQLite-1.66-150300.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4227 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-4.15.8+git.527.8d0c05d313e-150400.3.16.11.src.rpm samba-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-client-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-tool-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.16.11.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3787 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) permissions-20201225-150400.5.16.1.src.rpm permissions-20201225-150400.5.16.1.x86_64.rpm permissions-zypp-plugin-20201225-150400.5.16.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3986 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). libX11-1.6.5-150000.3.24.1.src.rpm libX11-6-1.6.5-150000.3.24.1.x86_64.rpm libX11-data-1.6.5-150000.3.24.1.noarch.rpm libX11-devel-1.6.5-150000.3.24.1.x86_64.rpm libX11-xcb1-1.6.5-150000.3.24.1.x86_64.rpm libX11-xcb1-32bit-1.6.5-150000.3.24.1.x86_64.rpm libX11-6-32bit-1.6.5-150000.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3862 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in _GetCountedString() (bsc#1204412). - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec() (bsc#1204416). xorg-x11-server-1.20.3-150400.38.8.1.src.rpm xorg-x11-server-1.20.3-150400.38.8.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4006 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: - Update firmware for CS35L41 codecs (bsc#1203699) kernel-firmware-20220509-150400.4.13.1.src.rpm True kernel-firmware-all-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.13.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.13.1.noarch.rpm True ucode-amd-20220509-150400.4.13.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4162 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe@.service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) dracut-055+suse.323.gca0e74f0-150400.3.13.1.src.rpm dracut-055+suse.323.gca0e74f0-150400.3.13.1.x86_64.rpm dracut-fips-055+suse.323.gca0e74f0-150400.3.13.1.x86_64.rpm dracut-ima-055+suse.323.gca0e74f0-150400.3.13.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3961 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) libminizip1-1.2.11-150000.3.36.1.x86_64.rpm libz1-1.2.11-150000.3.36.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.36.1.x86_64.rpm minizip-devel-1.2.11-150000.3.36.1.x86_64.rpm zlib-1.2.11-150000.3.36.1.src.rpm zlib-devel-1.2.11-150000.3.36.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4059 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ssg-apply fixes the following issues: This package contains a systemd service which can be run on boot which detects and/or mitigates hardening issues from the scap-security-guide, aka ComplianceAsCode. The behaviour can be configured in the config file /etc/ssg-apply/default.conf Options: - "profile" ... Which SCAP XCCDF profile to use. The default is "stig" for the SUSE supported DISA stig profile. Other profiles from the scap-security-guide can also be selected, like "cis", "hipaa", "pci-dss" and others. - "remediate" Whether to have the service immediately fix the issues. The default is "off", if you want to enable automatic remediation, use "on". - "tailoring-file" ... default is "" (none). A tailoring file is a XML configuration file that can be used to select/deselect rules to check / remediate. The service can be enabled with: * systemctl enable ssg-apply.service ssg-apply-1.0-150000.1.3.1.src.rpm ssg-apply-1.0-150000.1.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4197 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for strongswan fixes the following issues: Security issues fixed: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service (bsc#1203556) Feature changes: - Enable Marvell plugin (jsc#SLE-20151) strongswan-5.8.2-150400.19.3.3.src.rpm strongswan-5.8.2-150400.19.3.3.x86_64.rpm strongswan-doc-5.8.2-150400.19.3.3.noarch.rpm strongswan-hmac-5.8.2-150400.19.3.3.x86_64.rpm strongswan-ipsec-5.8.2-150400.19.3.3.x86_64.rpm strongswan-libs0-5.8.2-150400.19.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3953 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xterm fixes the following issues: - CVE-2022-24130: Fixed buffer overflow in set_sixel when Sixel support is enabled (bsc#1195387). xterm-330-150200.11.6.1.src.rpm xterm-330-150200.11.6.1.x86_64.rpm xterm-bin-330-150200.11.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4078 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.17+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21626: Key X509 usages (bsc#1204471) - CVE-2022-21618: Wider MultiByte (bsc#1204468) java-11-openjdk-11.0.17.0-150000.3.86.2.src.rpm java-11-openjdk-11.0.17.0-150000.3.86.2.x86_64.rpm java-11-openjdk-demo-11.0.17.0-150000.3.86.2.x86_64.rpm java-11-openjdk-devel-11.0.17.0-150000.3.86.2.x86_64.rpm java-11-openjdk-headless-11.0.17.0-150000.3.86.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4314 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Yast2 fixes the following issues: autoyast2: - Allow empty values in ask/default, ask/selection/label and ask/selection/value elements (bsc#1204448) - Add needed packages for the selected network backend in order to prevent it is not declared in the software section (bsc#1201235, bsc#1201435) yast2-bootloader: - Prevent leak of grub2 password to logs (bsc#1201962) yast2-installation: - Fix copy of entropy pool during installation (bsc#1204559) yast2-network: - Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when them are not installed (bsc#1201235, bsc#1201435) - Fixed issue when writing the NetworkManager config without a gateway (bsc#1203866) - Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746) - At the end of the installation, force an enablement of the selected network service even when the selected one has not been modified and ensure other backends are disabled (bsc#1202479) autoyast2-4.4.41-150400.3.13.1.noarch.rpm autoyast2-4.4.41-150400.3.13.1.src.rpm autoyast2-installation-4.4.41-150400.3.13.1.noarch.rpm yast2-bootloader-4.4.18-150400.3.3.1.src.rpm yast2-bootloader-4.4.18-150400.3.3.1.x86_64.rpm yast2-installation-4.4.57-150400.3.12.1.noarch.rpm yast2-installation-4.4.57-150400.3.12.1.src.rpm yast2-network-4.4.53-150400.3.10.1.noarch.rpm yast2-network-4.4.53-150400.3.10.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3783 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). telnet-1.2-150000.3.6.1.src.rpm telnet-1.2-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3936 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libarchive fixes the following issues: - CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426) - Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427). libarchive-3.5.1-150400.3.9.1.src.rpm libarchive-devel-3.5.1-150400.3.9.1.x86_64.rpm libarchive13-3.5.1-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4079 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) java-17-openjdk-17.0.5.0-150400.3.6.1.src.rpm java-17-openjdk-17.0.5.0-150400.3.6.1.x86_64.rpm java-17-openjdk-demo-17.0.5.0-150400.3.6.1.x86_64.rpm java-17-openjdk-devel-17.0.5.0-150400.3.6.1.x86_64.rpm java-17-openjdk-headless-17.0.5.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3931 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). git-2.35.3-150300.10.18.1.src.rpm git-core-2.35.3-150300.10.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3785 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). curl-7.79.1-150400.5.9.1.src.rpm curl-7.79.1-150400.5.9.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.9.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.9.1.x86_64.rpm libcurl4-7.79.1-150400.5.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3802 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). libopenjp2-7-2.3.0-150000.3.8.1.x86_64.rpm openjpeg2-2.3.0-150000.3.8.1.src.rpm openjpeg2-2.3.0-150000.3.8.1.x86_64.rpm openjpeg2-devel-2.3.0-150000.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3985 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update fixes for python3-apipkg the following issues: python-apipkg-1.4-150000.3.4.1.src.rpm python-iniconfig-1.1.1-150000.1.9.1.src.rpm python3-apipkg-1.4-150000.3.4.1.noarch.rpm python3-iniconfig-1.1.1-150000.1.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3875 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xmlbeans fixes the following issues: - CVE-2021-23926: Fixed XML parsers not protecting from malicious XML input (bsc#1180915). xmlbeans-2.6.0-150000.5.3.1.noarch.rpm xmlbeans-2.6.0-150000.5.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3784 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) libtasn1-4.13-150000.4.8.1.src.rpm libtasn1-4.13-150000.4.8.1.x86_64.rpm libtasn1-6-4.13-150000.4.8.1.x86_64.rpm libtasn1-devel-4.13-150000.4.8.1.x86_64.rpm libtasn1-6-32bit-4.13-150000.4.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3873 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. mozilla-nspr-4.34.1-150000.3.26.1.src.rpm mozilla-nspr-4.34.1-150000.3.26.1.x86_64.rpm mozilla-nspr-devel-4.34.1-150000.3.26.1.x86_64.rpm mozilla-nspr-32bit-4.34.1-150000.3.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3958 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Use libjitterentropy for entropy. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. libfreebl3-3.79.2-150400.3.15.1.x86_64.rpm libfreebl3-32bit-3.79.2-150400.3.15.1.x86_64.rpm libfreebl3-hmac-3.79.2-150400.3.15.1.x86_64.rpm libsoftokn3-3.79.2-150400.3.15.1.x86_64.rpm libsoftokn3-32bit-3.79.2-150400.3.15.1.x86_64.rpm libsoftokn3-hmac-3.79.2-150400.3.15.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-3.79.2-150400.3.15.1.src.rpm mozilla-nss-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-32bit-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-certs-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-devel-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-sysinit-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-tools-3.79.2-150400.3.15.1.x86_64.rpm libfreebl3-hmac-32bit-3.79.2-150400.3.15.1.x86_64.rpm mozilla-nss-certs-32bit-3.79.2-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4412 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) suse-build-key-12.0-150000.8.28.1.noarch.rpm suse-build-key-12.0-150000.8.28.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3899 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). libmilter1_0-8.15.2-150000.8.9.1.x86_64.rpm sendmail-8.15.2-150000.8.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3884 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). expat-2.4.4-150400.3.12.1.src.rpm expat-2.4.4-150400.3.12.1.x86_64.rpm libexpat-devel-2.4.4-150400.3.12.1.x86_64.rpm libexpat1-2.4.4-150400.3.12.1.x86_64.rpm libexpat1-32bit-2.4.4-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4047 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nvme-cli fixes the following issues: - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) - fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) - Various other fabrics related bug fixes were added. nvme-cli-2.0-150400.3.6.1.src.rpm nvme-cli-2.0-150400.3.6.1.x86_64.rpm nvme-cli-bash-completion-2.0-150400.3.6.1.x86_64.rpm nvme-cli-zsh-completion-2.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4160 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) nfsidmap-0.26-150000.3.7.1.src.rpm nfsidmap-0.26-150000.3.7.1.x86_64.rpm nfsidmap-devel-0.26-150000.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4204 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested (bsc#1204782). keylime-6.3.2-150400.4.14.1.src.rpm keylime-agent-6.3.2-150400.4.14.1.noarch.rpm keylime-config-6.3.2-150400.4.14.1.noarch.rpm keylime-firewalld-6.3.2-150400.4.14.1.noarch.rpm keylime-logrotate-6.3.2-150400.4.14.1.noarch.rpm keylime-registrar-6.3.2-150400.4.14.1.noarch.rpm keylime-tpm_cert_store-6.3.2-150400.4.14.1.noarch.rpm keylime-verifier-6.3.2-150400.4.14.1.noarch.rpm python3-keylime-6.3.2-150400.4.14.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4340 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies wicked-0.6.70-150400.3.3.1.src.rpm wicked-0.6.70-150400.3.3.1.x86_64.rpm wicked-service-0.6.70-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4063 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids hwdata-0.363-150000.3.51.1.noarch.rpm hwdata-0.363-150000.3.51.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3959 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for busybox fixes the following issues: - Enable switch_root With this change virtme --force-initramfs works as expected. - Enable udhcpc busybox was updated to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes yet: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes * CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data * CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp * CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() * CVE-2011-5325 (bsc#951562): tar directory traversal * CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation busybox-1.35.0-150400.3.3.1.src.rpm busybox-1.35.0-150400.3.3.1.x86_64.rpm busybox-static-1.35.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3870 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) libopenssl-1_1-devel-1.1.1l-150400.7.13.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.13.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.13.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.13.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.13.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.13.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.13.1.src.rpm openssl-1_1-1.1.1l-150400.7.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3885 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the verzoupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems. gnutls-3.7.3-150400.4.19.1.src.rpm gnutls-3.7.3-150400.4.19.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.19.1.x86_64.rpm libgnutls30-3.7.3-150400.4.19.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.19.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.19.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.19.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.19.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4016 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rubygem-nokogiri fixes the following issues: - CVE-2022-24836: Fixes possibility to DoS because of inefficient RE in HTML encoding. (bsc#1198408) - CVE-2022-29181: Fixes Improper Handling of Unexpected Data Typesi. (bsc#1199782) ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1.x86_64.rpm rubygem-nokogiri-1.8.5-150400.14.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4262 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) device-mapper-2.03.05_1.02.163-150400.185.1.x86_64.rpm device-mapper-devel-2.03.05_1.02.163-150400.185.1.x86_64.rpm libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1.x86_64.rpm libdevmapper1_03-2.03.05_1.02.163-150400.185.1.x86_64.rpm liblvm2cmd2_03-2.03.05-150400.185.1.x86_64.rpm lvm2-2.03.05-150400.185.1.src.rpm lvm2-2.03.05-150400.185.1.x86_64.rpm lvm2-devel-2.03.05-150400.185.1.x86_64.rpm lvm2-device-mapper-2.03.05-150400.185.1.src.rpm libdevmapper1_03-32bit-2.03.05_1.02.163-150400.185.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4040 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libvirt fixes the following issues: - apparmor: Fix QEMU access for UEFI variable files (bsc#1203976) - qemu: Don't assume that /usr/libexec/qemu-kvm exists (bsc#1158430, bsc#1196087) - qemu: Support memory allocation threads (bsc#1197084) - spec: Include aarch64 in the list of architectures that 'Require' dmidecode (bsc#1202608) - vmx: Require networkName for bridged and custom NICs (bsc#1202630) libvirt-8.0.0-150400.7.3.1.src.rpm libvirt-libs-8.0.0-150400.7.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3842 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-firstboot fixes the following issues: - Compute properly dependencies of WSL GUI pattern (jsc#PM-3439) yast2-firstboot-4.4.11-150400.3.9.1.noarch.rpm yast2-firstboot-4.4.11-150400.3.9.1.src.rpm yast2-firstboot-wsl-4.4.11-150400.3.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1662 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) patterns-base-20200124-150400.20.4.1.src.rpm patterns-base-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-apparmor-20200124-150400.20.4.1.x86_64.rpm patterns-base-apparmor-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-base-20200124-150400.20.4.1.x86_64.rpm patterns-base-base-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-basesystem-20200124-150400.20.4.1.x86_64.rpm patterns-base-basic_desktop-20200124-150400.20.4.1.x86_64.rpm patterns-base-bootloader-20200124-150400.20.4.1.x86_64.rpm patterns-base-documentation-20200124-150400.20.4.1.x86_64.rpm patterns-base-enhanced_base-20200124-150400.20.4.1.x86_64.rpm patterns-base-enhanced_base-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-fips-20200124-150400.20.4.1.x86_64.rpm patterns-base-minimal_base-20200124-150400.20.4.1.x86_64.rpm patterns-base-minimal_base-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-sw_management-20200124-150400.20.4.1.x86_64.rpm patterns-base-sw_management-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-x11-20200124-150400.20.4.1.x86_64.rpm patterns-base-x11-32bit-20200124-150400.20.4.1.x86_64.rpm patterns-base-x11_enhanced-20200124-150400.20.4.1.x86_64.rpm patterns-base-x11_enhanced-32bit-20200124-150400.20.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4281 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). libpython3_6m1_0-3.6.15-150300.10.37.2.x86_64.rpm python3-3.6.15-150300.10.37.2.src.rpm python3-3.6.15-150300.10.37.2.x86_64.rpm python3-base-3.6.15-150300.10.37.2.x86_64.rpm python3-core-3.6.15-150300.10.37.2.src.rpm python3-curses-3.6.15-150300.10.37.2.x86_64.rpm python3-dbm-3.6.15-150300.10.37.2.x86_64.rpm python3-devel-3.6.15-150300.10.37.2.x86_64.rpm python3-idle-3.6.15-150300.10.37.2.x86_64.rpm python3-tk-3.6.15-150300.10.37.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4007 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). xen-4.16.2_08-150400.4.16.1.src.rpm True xen-libs-4.16.2_08-150400.4.16.1.x86_64.rpm True xen-tools-domU-4.16.2_08-150400.4.16.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4601 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing "Device Name" by pressing "Enter" * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for "copy_/free_function" metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our "trap" jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy "fields" * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1.x86_64.rpm gio-branding-SLE-15-150400.27.2.1.noarch.rpm glib2-2.70.5-150400.3.3.1.src.rpm glib2-branding-SLE-15-150400.27.2.1.src.rpm glib2-devel-2.70.5-150400.3.3.1.x86_64.rpm glib2-lang-2.70.5-150400.3.3.1.noarch.rpm glib2-tools-2.70.5-150400.3.3.1.x86_64.rpm gtk-vnc-1.3.1-150400.3.3.1.src.rpm libgio-2_0-0-2.70.5-150400.3.3.1.x86_64.rpm libglib-2_0-0-2.70.5-150400.3.3.1.x86_64.rpm libgmodule-2_0-0-2.70.5-150400.3.3.1.x86_64.rpm libgmodule-2_0-0-32bit-2.70.5-150400.3.3.1.x86_64.rpm libgobject-2_0-0-2.70.5-150400.3.3.1.x86_64.rpm libgthread-2_0-0-2.70.5-150400.3.3.1.x86_64.rpm libgtk-vnc-2_0-0-1.3.1-150400.3.3.1.x86_64.rpm libgvnc-1_0-0-1.3.1-150400.3.3.1.x86_64.rpm libnotify-0.7.12-150400.3.3.1.src.rpm libnotify4-0.7.12-150400.3.3.1.x86_64.rpm librsvg-2-2-2.52.9-150400.3.3.1.x86_64.rpm librsvg-2.52.9-150400.3.3.1.src.rpm libsecret-0.20.5-150400.4.3.1.src.rpm libsecret-1-0-0.20.5-150400.4.3.1.x86_64.rpm libsecret-devel-0.20.5-150400.4.3.1.x86_64.rpm libsecret-lang-0.20.5-150400.4.3.1.noarch.rpm python-cairo-1.15.1-150000.3.6.1.src.rpm python-gobject-3.42.2-150400.3.3.2.src.rpm python3-cairo-1.15.1-150000.3.6.1.x86_64.rpm python3-gobject-3.42.2-150400.3.3.2.x86_64.rpm python3-gobject-Gdk-3.42.2-150400.3.3.2.x86_64.rpm python3-gobject-cairo-3.42.2-150400.3.3.2.x86_64.rpm typelib-1_0-Secret-1-0.20.5-150400.4.3.1.x86_64.rpm libgio-2_0-0-32bit-2.70.5-150400.3.3.1.x86_64.rpm libglib-2_0-0-32bit-2.70.5-150400.3.3.1.x86_64.rpm libgobject-2_0-0-32bit-2.70.5-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4072 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal "standalone" switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - drop Dell Dock regression fix patch again (bsc#1204719) - drop verbose nvme logging feature (bsc#1200567) - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ib/core: Fix a nested dead lock as part of ODP flow (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert "SUNRPC: Remove unreachable error condition" (git-fixes). - revert "crypto: qat - reduce size of mapped region" (git-fixes). - revert "drm/amdgpu: use dirty framebuffer helper" (git-fixes). - revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - revert "workqueue: remove unused cancel_work()" (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use "grep -E" instead of "egrep" (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add "(fault)" name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). kernel-default-5.14.21-150400.24.33.2.nosrc.rpm True kernel-default-5.14.21-150400.24.33.2.x86_64.rpm True kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4.src.rpm True kernel-default-base-5.14.21-150400.24.33.2.150400.24.11.4.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.33.2.x86_64.rpm True kernel-devel-5.14.21-150400.24.33.1.noarch.rpm True kernel-macros-5.14.21-150400.24.33.1.noarch.rpm True kernel-source-5.14.21-150400.24.33.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4198 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) python-rpm-4.14.3-150300.52.1.src.rpm python3-rpm-4.14.3-150300.52.1.x86_64.rpm rpm-32bit-4.14.3-150300.52.1.x86_64.rpm rpm-4.14.3-150300.52.1.src.rpm rpm-4.14.3-150300.52.1.x86_64.rpm rpm-devel-4.14.3-150300.52.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4146 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579). - CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597). - CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374). - CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969). - CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929). - CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783). - CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592). - CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966). - CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967). - CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816). The following non-security bugs were fixed: - SLE toolchain update of binutils, update to 2.39 from 2.37. - Update to 2.39: * The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary. * The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification. * In linker scripts it is now possible to use TYPE=<type> in an output section description to set the section type value. * The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64). * The nm program now supports a --no-weak/-W option to make it ignore weak symbols. * The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links. * The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now works with unique symbols as well. - Update to 2.38: * elfedit: Add --output-abiversion option to update ABIVERSION. * Add support for the LoongArch instruction set. * Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device). * readelf -r dumps RELR relative relocations now. * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils. * ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface. * Add support for AArch64 system registers that were missing in previous releases. * Add support for the LoongArch instruction set. * Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move. * Add support for Cortex-R52+ for Arm. * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. * Add support for Cortex-A710 for Arm. * Add support for Scalable Matrix Extension (SME) for AArch64. * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to when it encoutners multibyte characters in the input. The default is to allow them. Setting the option to "warn" will generate a warning message whenever any multibyte character is encountered. Using the option to "warn-sym-only" will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings). * Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive. * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS. * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. * Add support for Intel AVX512_FP16 instructions. * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section. * Add support for the LoongArch architecture. * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation. * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE bytes. - Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. - Add gprofng subpackage. - Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237). - Add back fix for bsc#1191473, which got lost in the update to 2.38. - Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712). - Enable PRU architecture for AM335x CPU (Beagle Bone Black board) binutils-2.39-150100.7.40.1.src.rpm binutils-2.39-150100.7.40.1.x86_64.rpm binutils-devel-2.39-150100.7.40.1.x86_64.rpm libctf-nobfd0-2.39-150100.7.40.1.x86_64.rpm libctf0-2.39-150100.7.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4312 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) tar-1.34-150000.3.22.3.src.rpm tar-1.34-150000.3.22.3.x86_64.rpm tar-lang-1.34-150000.3.22.3.noarch.rpm tar-rmt-1.34-150000.3.22.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-3999 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make "sle15-sp3" net naming scheme still available for backward compatibility reason libsystemd0-249.12-150400.8.13.1.x86_64.rpm True libsystemd0-32bit-249.12-150400.8.13.1.x86_64.rpm True libudev1-249.12-150400.8.13.1.x86_64.rpm True libudev1-32bit-249.12-150400.8.13.1.x86_64.rpm True systemd-249.12-150400.8.13.1.src.rpm True systemd-249.12-150400.8.13.1.x86_64.rpm True systemd-container-249.12-150400.8.13.1.x86_64.rpm True systemd-coredump-249.12-150400.8.13.1.x86_64.rpm True systemd-devel-249.12-150400.8.13.1.x86_64.rpm True systemd-doc-249.12-150400.8.13.1.x86_64.rpm True systemd-lang-249.12-150400.8.13.1.noarch.rpm True systemd-sysvinit-249.12-150400.8.13.1.x86_64.rpm True udev-249.12-150400.8.13.1.x86_64.rpm True systemd-32bit-249.12-150400.8.13.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4001 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). sudo-1.9.9-150400.4.6.1.src.rpm sudo-1.9.9-150400.4.6.1.x86_64.rpm sudo-devel-1.9.9-150400.4.6.1.x86_64.rpm sudo-plugin-python-1.9.9-150400.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4153 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). krb5-1.19.2-150400.3.3.1.src.rpm krb5-1.19.2-150400.3.3.1.x86_64.rpm krb5-32bit-1.19.2-150400.3.3.1.x86_64.rpm krb5-client-1.19.2-150400.3.3.1.x86_64.rpm krb5-devel-1.19.2-150400.3.3.1.x86_64.rpm krb5-plugin-preauth-otp-1.19.2-150400.3.3.1.x86_64.rpm krb5-plugin-preauth-pkinit-1.19.2-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4206 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033). libpixman-1-0-0.40.0-150400.3.3.1.x86_64.rpm libpixman-1-0-devel-0.40.0-150400.3.3.1.x86_64.rpm pixman-0.40.0-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4306 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). bcel-5.2-150200.11.3.1.noarch.rpm bcel-5.2-150200.11.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4141 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 grub2-2.06-150400.11.17.1.src.rpm grub2-2.06-150400.11.17.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.17.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.17.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.17.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.17.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4278 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) supportutils-3.1.21-150300.7.35.15.1.noarch.rpm supportutils-3.1.21-150300.7.35.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4138 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-msgpack fixes the following issues: - Fix build failures on SUSE Linux Enterprise 15 Service Pack 5 (bsc#1203743) python-msgpack-0.5.6-150100.3.3.1.src.rpm python3-msgpack-0.5.6-150100.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4328 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) audit-3.0.6-150400.4.6.1.x86_64.rpm audit-audispd-plugins-3.0.6-150400.4.6.1.x86_64.rpm audit-secondary-3.0.6-150400.4.6.1.src.rpm python3-audit-3.0.6-150400.4.6.1.x86_64.rpm system-group-audit-3.0.6-150400.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-42 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for YaST fixes the following issues: yast2-cluster: - Set crypto_hash as "sha1" and set crypto_cipher as "aes256" (bsc#1204530) - Set transport as "udpu" when detect in cloud - Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured - Set focus on "Generate Auth Key File" when secauth is true - Implement ValidateSecurity method - Set focus on 'memberaddr add' when using udpu yast2-country: - Ensure the correct language translations are always used (bsc#1204845, bsc#1193009) yast2-online-update: - Fix to prevent the unconditional refresh of all repositories when it's not needed (bsc#1204907) yast2-packager: - Do not add an empty repository to the system when upgrading a registered system using the Full installation medium (bsc#1204399) yast2-pkg-bindings: - Allow querying orphaned packages (bsc#1202007) yast2-update: - Display a warning in the upgrade summary when removing orphaned 3rd party packages (bsc#1202007) yast2-country-4.4.13-150400.3.3.1.src.rpm yast2-country-4.4.13-150400.3.3.1.x86_64.rpm yast2-country-data-4.4.13-150400.3.3.1.x86_64.rpm yast2-online-update-4.4.4-150400.3.3.1.noarch.rpm yast2-online-update-4.4.4-150400.3.3.1.src.rpm yast2-online-update-frontend-4.4.4-150400.3.3.1.noarch.rpm yast2-packager-4.4.33-150400.3.7.2.src.rpm yast2-packager-4.4.33-150400.3.7.2.x86_64.rpm yast2-pkg-bindings-4.4.5-150400.3.3.1.src.rpm yast2-pkg-bindings-4.4.5-150400.3.3.1.x86_64.rpm yast2-update-4.4.8-150400.3.6.1.src.rpm yast2-update-4.4.8-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4464 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for YaST fixes the following issues: autoyast2: - Add needed packages for kdump if the product enables kdump by default (bsc#1204180) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) skelcd-control-leanos: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-installation: - Fixed the help in the installation summary (jsc#SLE-25087, jsc#SLE-24764) - Write configuration for ssg-apply script according to the enabled security policy (jsc#SLE-25087, jsc#SLE-24764) yast2-schema-default: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-security: - Fixed wrong steps count causing a crash during saving (bsc#1205918) - Disable the ssg-apply service if the selected SCAP action is "do nothing" (jsc#SLE-25087, jsc#SLE-24764) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-storage-ng: - Validate security policies in both guided proposal and partitioner (jsc#SLE-25087, jsc#SLE-24764) autoyast2-4.4.43-150400.3.16.1.noarch.rpm autoyast2-4.4.43-150400.3.16.1.src.rpm autoyast2-installation-4.4.43-150400.3.16.1.noarch.rpm yast2-installation-4.4.58-150400.3.15.1.noarch.rpm yast2-installation-4.4.58-150400.3.15.1.src.rpm yast2-schema-default-4.4.15-150400.3.9.1.src.rpm yast2-schema-default-4.4.15-150400.3.9.1.x86_64.rpm yast2-security-4.4.17-150400.3.10.1.noarch.rpm yast2-security-4.4.17-150400.3.10.1.src.rpm yast2-storage-ng-4.4.41-150400.3.6.1.src.rpm yast2-storage-ng-4.4.41-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4214 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414). db48-utils-4.8.30-150000.7.6.1.x86_64.rpm libdb-4_8-4.8.30-150000.7.6.1.src.rpm libdb-4_8-4.8.30-150000.7.6.1.x86_64.rpm libdb-4_8-devel-4.8.30-150000.7.6.1.x86_64.rpm libdb-4_8-32bit-4.8.30-150000.7.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4259 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). libtiff-devel-4.0.9-150000.45.19.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.19.1.x86_64.rpm libtiff5-4.0.9-150000.45.19.1.x86_64.rpm tiff-4.0.9-150000.45.19.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4645 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. libpq5-15.1-150200.5.3.2.x86_64.rpm postgresql-15-150400.4.6.2.noarch.rpm postgresql-15-150400.4.6.2.src.rpm postgresql14-14.6-150200.5.20.2.src.rpm postgresql14-14.6-150200.5.20.2.x86_64.rpm postgresql15-15.1-150200.5.3.2.src.rpm postgresql15-15.1-150200.5.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4420 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) python3-salt-3004-150400.8.17.7.x86_64.rpm True salt-3004-150400.8.17.7.src.rpm True salt-3004-150400.8.17.7.x86_64.rpm True salt-bash-completion-3004-150400.8.17.7.noarch.rpm True salt-doc-3004-150400.8.17.7.x86_64.rpm True salt-minion-3004-150400.8.17.7.x86_64.rpm True salt-zsh-completion-3004-150400.8.17.7.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4207 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121). - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122). - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123). - CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120). - CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124). Update to version 2.38.2: - Fix scrolling issues in some sites having fixed background. - Fix prolonged buffering during progressive live playback. - Fix the build with accessibility disabled. - Fix several crashes and rendering issues. Update to version 2.38.1: - Make xdg-dbus-proxy work if host session bus address is an abstract socket. - Use a single xdg-dbus-proxy process when sandbox is enabled. - Fix high resolution video playback due to unimplemented changeType operation. - Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. - Fix player stucking in buffering (paused) state for progressive streaming. - Do not try to preconnect on link click when link preconnect setting is disabled. - Fix close status code returned when the client closes a WebSocket in some cases. - Fix media player duration calculation. - Fix several crashes and rendering issues. Update to version 2.38.0: - New media controls UI style. - Add new API to set WebView's Content-Security-Policy for web extensions support. - Make it possible to use the remote inspector from other browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. - MediaSession is enabled by default, allowing remote media control using MPRIS. - Add support for PDF documents using PDF.js. libjavascriptcoregtk-4_0-18-2.38.2-150400.4.22.1.x86_64.rpm libwebkit2gtk-4_0-37-2.38.2-150400.4.22.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.38.2-150400.4.22.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.38.2-150400.4.22.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150400.4.22.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.38.2-150400.4.22.1.x86_64.rpm webkit2gtk3-soup2-2.38.2-150400.4.22.1.src.rpm webkit2gtk3-soup2-devel-2.38.2-150400.4.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4371 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: "mount -o rw ...." should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire "PID,args" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others busybox-1.35.0-150400.3.8.1.src.rpm busybox-1.35.0-150400.3.8.1.x86_64.rpm busybox-static-1.35.0-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4382 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme fixes the following issues: libnvme: - Fix 'connect-all' failures when handling JSON configuration file (bsc#1205019) nvme-cli: - Honor JSON config file in 'connect-all' command (bsc#1203204 bsc#1203163) - Add 'show-topology' command (bsc#1200089) libnvme-1.0-150400.3.9.3.src.rpm libnvme-devel-1.0-150400.3.9.3.x86_64.rpm libnvme1-1.0-150400.3.9.3.x86_64.rpm nvme-cli-2.0-150400.3.9.3.src.rpm nvme-cli-2.0-150400.3.9.3.x86_64.rpm nvme-cli-bash-completion-2.0-150400.3.9.3.x86_64.rpm nvme-cli-zsh-completion-2.0-150400.3.9.3.x86_64.rpm python3-libnvme-1.0-150400.3.9.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4499 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish openssh-8.4p1-150300.3.15.4.src.rpm openssh-8.4p1-150300.3.15.4.x86_64.rpm openssh-clients-8.4p1-150300.3.15.4.x86_64.rpm openssh-common-8.4p1-150300.3.15.4.x86_64.rpm openssh-fips-8.4p1-150300.3.15.4.x86_64.rpm openssh-helpers-8.4p1-150300.3.15.4.x86_64.rpm openssh-server-8.4p1-150300.3.15.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4383 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) iputils-20211215-150400.3.3.2.src.rpm iputils-20211215-150400.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4380 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ipset fixes the following issues: Version update from 6.36 to 7.15 (jsc#PED-2086): - Update needed to match kernel protocol version - Fix bug with 'ipset save -file <filename>' that wrongly produced empty files (bsc#1116432) - A new internal protocol version between the kernel and userspace is used. This is required in order to support two new functions and the extendend LIST operation, which makes possible to run ipset in every case entirely over netlink without the need to use getsockopt() - Allow specifying protocols by number - Enable memory accounting for ipset allocations - Fix argument parsing buffer overflow in ipset_parse_argv - Fix parsing the service names for ports - Fix memory accounting for hash types on resize - Fix rename concurrency with listing, which can result broken list/save results - Fix to list/save into file specified by option - Implement sorting for hash types in the ipset tool - Limit the maximum range of consecutive elements to add/delete - Support the '-exist' flag with the destroy command - For the full list of changes please consult the changelog at https://ipset.netfilter.org/changelog.html ipset-7.15-150400.12.3.2.src.rpm ipset-7.15-150400.12.3.2.x86_64.rpm ipset-devel-7.15-150400.12.3.2.x86_64.rpm libipset13-7.15-150400.12.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4217 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) wget-1.20.3-150000.3.15.1.src.rpm wget-1.20.3-150000.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4212 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) libopenssl-1_1-devel-1.1.1l-150400.7.16.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.16.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.16.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.16.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.16.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.16.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.16.1.src.rpm openssl-1_1-1.1.1l-150400.7.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4209 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629). libarchive-3.5.1-150400.3.12.1.src.rpm libarchive-devel-3.5.1-150400.3.12.1.x86_64.rpm libarchive13-3.5.1-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4282 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). vim-9.0.0814-150000.5.28.1.src.rpm vim-9.0.0814-150000.5.28.1.x86_64.rpm vim-data-9.0.0814-150000.5.28.1.noarch.rpm vim-data-common-9.0.0814-150000.5.28.1.noarch.rpm vim-small-9.0.0814-150000.5.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4339 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of hplip fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). hplip-3.21.10-150400.3.5.1.src.rpm hplip-devel-3.21.10-150400.3.5.1.x86_64.rpm hplip-hpijs-3.21.10-150400.3.5.1.x86_64.rpm hplip-sane-3.21.10-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4311 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - Include binaries of open-vm-tools for ARM architecture aarch64 in SUSE Linux Enterprise 15 Service Pack 4 (jsc#SLE-22385) libvmtools-devel-12.1.0-150300.21.2.x86_64.rpm libvmtools0-12.1.0-150300.21.2.x86_64.rpm open-vm-tools-12.1.0-150300.21.2.src.rpm open-vm-tools-12.1.0-150300.21.2.x86_64.rpm open-vm-tools-sdmp-12.1.0-150300.21.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4411 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] libtiff-devel-4.0.9-150000.45.22.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.22.1.x86_64.rpm libtiff5-4.0.9-150000.45.22.1.x86_64.rpm tiff-4.0.9-150000.45.22.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4304 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). emacs-27.2-150400.3.3.1.src.rpm emacs-27.2-150400.3.3.1.x86_64.rpm emacs-el-27.2-150400.3.3.1.noarch.rpm emacs-info-27.2-150400.3.3.1.noarch.rpm emacs-nox-27.2-150400.3.3.1.x86_64.rpm etags-27.2-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1702 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add "include-fixed" GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at "Secure Boot not enabled" notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz shim-15.7-150300.4.11.1.src.rpm shim-15.7-150300.4.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4337 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of collectd fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). collectd-5.12.0-150400.3.2.1.src.rpm collectd-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-buddyinfo-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-connectivity-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-dbi-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-ipmi-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-java-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-logparser-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-lua-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-mcelog-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-memcachec-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-mysql-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-notify-desktop-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-nut-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-openldap-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-ovs-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-pcie-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-pinba-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-postgresql-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-procevent-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-python3-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-smart-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-snmp-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-synproxy-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-sysevent-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-ubi-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-uptime-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-virt-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-write_influxdb_udp-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-write_stackdriver-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugin-write_syslog-5.12.0-150400.3.2.1.x86_64.rpm collectd-plugins-all-5.12.0-150400.3.2.1.x86_64.rpm collectd-spamassassin-5.12.0-150400.3.2.1.x86_64.rpm collectd-web-5.12.0-150400.3.2.1.x86_64.rpm collectd-web-js-5.12.0-150400.3.2.1.x86_64.rpm libcollectdclient-devel-5.12.0-150400.3.2.1.x86_64.rpm libcollectdclient1-5.12.0-150400.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4474 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-paramiko fixes the following issues: - Fix loading of RSA key (bsc#1205132) python-paramiko-2.4.3-150100.6.18.1.src.rpm python3-paramiko-2.4.3-150100.6.18.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4479 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) xorg-x11-server-1.20.3-150400.38.13.1.src.rpm xorg-x11-server-1.20.3-150400.38.13.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-45 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz libxml2-2-2.9.14-150400.5.13.1.x86_64.rpm libxml2-2.9.14-150400.5.13.1.src.rpm libxml2-devel-2.9.14-150400.5.13.1.x86_64.rpm libxml2-python-2.9.14-150400.5.13.1.src.rpm libxml2-tools-2.9.14-150400.5.13.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.13.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4472 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pesign fixes the following issues: - Fix OID array indices (bsc#1205323) pesign-0.112-150000.4.12.1.src.rpm pesign-0.112-150000.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4469 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) sudo-1.9.9-150400.4.9.1.src.rpm sudo-1.9.9-150400.4.9.1.x86_64.rpm sudo-devel-1.9.9-150400.4.9.1.x86_64.rpm sudo-plugin-python-1.9.9-150400.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4375 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pam_saslauthd fixes the following issues: Initial shipment of version 0.1.0~1. pam_saslauthd-0.1.0~1-150400.9.4.1.src.rpm pam_saslauthd-0.1.0~1-150400.9.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4502 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rekor fixes the following issues: Rekor was updated to 1.0.1 (jsc#SLE-23476): - stop inserting envelope hash for intoto:0.0.2 types into index - build with FIPSified go1.18. updated to rekor 1.0.0 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching - verify: verify checkpoint's STH against the inclusion proof root hash - add ability to enable/disable specific rekor API endpoints - enable configurable client retries with backoff in RekorClient - remove dead code around api-key and timestamp references - update swagger API version to 1.0.0 - remove unused RekorVersion API definition - install gocovmerge in hack/tools - add retry command line flag on rekor-cli - Add some info and debug logging to commonly used funcs updated to rekor 0.12.2 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching by hash updated to rekor 0.12.1 (jsc#SLE-23476): - ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version The addition of the intotov2 created a breaking change for the rekor-cli - What's Changed - fix: fix harness tests with intoto v0.0.2 - feat: add file based signer and password - Adds new rekor metrics for latency and QPS. rekor-1.0.1-150400.4.6.1.src.rpm rekor-1.0.1-150400.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4568 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of OpenIPMI fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). OpenIPMI-2.0.31-150400.3.2.1.src.rpm OpenIPMI-2.0.31-150400.3.2.1.x86_64.rpm OpenIPMI-devel-2.0.31-150400.3.2.1.x86_64.rpm libOpenIPMI0-2.0.31-150400.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4590 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openscap fixes the following issues: Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599) openscap was updated to 1.3.6 * New features - Select and exclude groups of rules on the command line - The boot-time remediation service for systemd's Offline Update mode - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable - Allow disablement of SHA-1 and MD5 - Allow providing pre-downloaded components - Introduce OSBuild Blueprint fix type * Maintenance, bug fixes - Fix coverity issues - Patch the `segfault` in dpkginfo_fini() - Add an alternative source of hostname - Fail download on HTTP errors - Compile "environmentvariable_probe" on Windows - FreeBSD build and test fixes - Add offline mode for password probe - Initialize crypto API only once - Fix UBI 9 scan - oval/yamlfilecontent: Add 'null' values handling - Do not set Rpath - Do not split `XCCDF:requires` with multiple `idrefs` - Allow empty /proc in offline mode - oscap-remediate is shipped via /usr/bin. libopenscap25-1.3.6-150400.11.3.1.x86_64.rpm openscap-1.3.6-150400.11.3.1.src.rpm openscap-1.3.6-150400.11.3.1.x86_64.rpm openscap-containers-1.3.6-150400.11.3.1.x86_64.rpm openscap-content-1.3.6-150400.11.3.1.x86_64.rpm openscap-devel-1.3.6-150400.11.3.1.x86_64.rpm openscap-utils-1.3.6-150400.11.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4585 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in &lt;linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for AMD and Intel" (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous "the" (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). kernel-default-5.14.21-150400.24.38.1.nosrc.rpm True kernel-default-5.14.21-150400.24.38.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2.src.rpm True kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.38.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.38.1.noarch.rpm True kernel-macros-5.14.21-150400.24.38.1.noarch.rpm True kernel-source-5.14.21-150400.24.38.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2022-4453 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash (bsc#1204822). - Multiple dissector infinite loops (bsc#1206189). - Kafka dissector memory exhaustion (bsc#1206190). libwireshark15-3.6.10-150000.3.78.1.x86_64.rpm libwiretap12-3.6.10-150000.3.78.1.x86_64.rpm libwsutil13-3.6.10-150000.3.78.1.x86_64.rpm wireshark-3.6.10-150000.3.78.1.src.rpm wireshark-3.6.10-150000.3.78.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-25 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default timezone-2022g-150000.75.18.1.src.rpm timezone-2022g-150000.75.18.1.x86_64.rpm timezone-java-2022g-150000.75.18.1.noarch.rpm timezone-java-2022g-150000.75.18.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-87 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-cairo ships the missing python3-cairo to openSUSE Leap Micro 5.3. python-cairo-1.15.1-150000.3.8.1.src.rpm python3-cairo-1.15.1-150000.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4492 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). libfreebl3-3.79.2-150400.3.18.1.x86_64.rpm libfreebl3-32bit-3.79.2-150400.3.18.1.x86_64.rpm libfreebl3-hmac-3.79.2-150400.3.18.1.x86_64.rpm libsoftokn3-3.79.2-150400.3.18.1.x86_64.rpm libsoftokn3-32bit-3.79.2-150400.3.18.1.x86_64.rpm libsoftokn3-hmac-3.79.2-150400.3.18.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-3.79.2-150400.3.18.1.src.rpm mozilla-nss-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-32bit-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-certs-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-devel-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-sysinit-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-tools-3.79.2-150400.3.18.1.x86_64.rpm libfreebl3-hmac-32bit-3.79.2-150400.3.18.1.x86_64.rpm mozilla-nss-certs-32bit-3.79.2-150400.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4597 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). curl-7.79.1-150400.5.12.1.src.rpm curl-7.79.1-150400.5.12.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.12.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.12.1.x86_64.rpm libcurl4-7.79.1-150400.5.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-18 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme, nvme-cli and nvme-stas fixes the following issues: libnvme, nvme-cli: - Fix 'persistent' handling during connect-all with JSON file (bsc#1205657) nvme-stas: - Avahi: Handle upper/lower case 'NQN/nqn' in TXT attribute (bsc#1205873) - staslib: Trim whitespaces at the source (bsc#1204975) - stafd: Add "origin" parameter to DC controller objects libnvme-1.0-150400.3.12.1.src.rpm libnvme-devel-1.0-150400.3.12.1.x86_64.rpm libnvme1-1.0-150400.3.12.1.x86_64.rpm nvme-cli-2.0-150400.3.12.1.src.rpm nvme-cli-2.0-150400.3.12.1.x86_64.rpm nvme-cli-bash-completion-2.0-150400.3.12.1.x86_64.rpm nvme-cli-zsh-completion-2.0-150400.3.12.1.x86_64.rpm nvme-stas-1.1.8-150400.3.6.1.src.rpm nvme-stas-1.1.8-150400.3.6.1.x86_64.rpm python3-libnvme-1.0-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4629 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). libsystemd0-249.12-150400.8.16.1.x86_64.rpm libsystemd0-32bit-249.12-150400.8.16.1.x86_64.rpm libudev1-249.12-150400.8.16.1.x86_64.rpm libudev1-32bit-249.12-150400.8.16.1.x86_64.rpm systemd-249.12-150400.8.16.1.src.rpm systemd-249.12-150400.8.16.1.x86_64.rpm systemd-container-249.12-150400.8.16.1.x86_64.rpm systemd-coredump-249.12-150400.8.16.1.x86_64.rpm systemd-devel-249.12-150400.8.16.1.x86_64.rpm systemd-doc-249.12-150400.8.16.1.x86_64.rpm systemd-lang-249.12-150400.8.16.1.noarch.rpm systemd-sysvinit-249.12-150400.8.16.1.x86_64.rpm udev-249.12-150400.8.16.1.x86_64.rpm systemd-32bit-249.12-150400.8.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-82 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes - require sudo, as remediations touch sudo config or use sudo. (bsc#1203602) scap-security-guide-0.1.65-150000.1.53.1.noarch.rpm scap-security-guide-0.1.65-150000.1.53.1.src.rpm scap-security-guide-debian-0.1.65-150000.1.53.1.noarch.rpm scap-security-guide-redhat-0.1.65-150000.1.53.1.noarch.rpm scap-security-guide-ubuntu-0.1.65-150000.1.53.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-39 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-security fixes the following issues: yast2-security was updated to 4.4.18: - AutoYaST: export security policy settings (related to DISA STIG enablement / jsc#SLE-24764). skelcd-control-leanos: - is delivered to the INSTALLER channel to enable the DISA STIG feature. yast2-security-4.4.18-150400.3.13.1.noarch.rpm yast2-security-4.4.18-150400.3.13.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-52 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xfsprogs fixes the following issues: - mkfs: don't trample the gid set in the protofile (bsc#1205266) - mkfs: prevent corruption of passed-in suboption string values (bsc#1205377) - mkfs: terminate getsubopt arrays properly (bsc#1205284) - xfs_repair: ignore empty xattr leaf blocks (bsc#1205272) libhandle1-5.13.0-150400.3.3.1.x86_64.rpm xfsprogs-5.13.0-150400.3.3.1.src.rpm xfsprogs-5.13.0-150400.3.3.1.x86_64.rpm xfsprogs-devel-5.13.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-54 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bash-completion fixes the following issues: - Fix curl help completion (bsc#1200791) bash-completion-2.7-150400.13.3.1.noarch.rpm bash-completion-2.7-150400.13.3.1.src.rpm bash-completion-devel-2.7-150400.13.3.1.noarch.rpm bash-completion-doc-2.7-150400.13.3.1.noarch.rpm bash-completion-doc-2.7-150400.13.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-51 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-module-tools fixes the following issues: - 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423) - driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092) - driver-check.sh: Avoid false positive error messages (bsc#1200107) - kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391) suse-module-tools-15.4.15-150400.3.5.1.src.rpm suse-module-tools-15.4.15-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4586 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking (bsc#1206374) libopenssl-3-devel-3.0.1-150400.4.14.1.x86_64.rpm libopenssl3-3.0.1-150400.4.14.1.x86_64.rpm openssl-3-3.0.1-150400.4.14.1.src.rpm openssl-3-3.0.1-150400.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-50 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) login_defs-4.8.1-150400.10.3.1.noarch.rpm shadow-4.8.1-150400.10.3.1.src.rpm shadow-4.8.1-150400.10.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-384 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for irqbalance fixes the following issues: - Fix `--banmod` option not working as expected (bsc#1206661, bsc#1204962) irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1.src.rpm irqbalance-1.8.0.18.git+2435e8d-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-49 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for llvm9 fixes the following issues: - Keep DFLTCC environment during testing so we can disable the compression facility on s390x which causes testsuite issues (bsc#1189602) - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of actual package (bsc#1197776) libLLVM9-9.0.1-150200.3.6.1.x86_64.rpm libclang9-9.0.1-150200.3.6.1.x86_64.rpm llvm9-9.0.1-150200.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4639 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). polkit-default-privs-13.2+20221216.a0c29e6-150400.3.3.1.noarch.rpm polkit-default-privs-13.2+20221216.a0c29e6-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-142 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: Version update from 9.16.33 to 9.16.35 (jsc#SLE-24801, jsc#SLE-24600) - New Features: * Support for parsing and validating the dohpath service parameter in SVCB records was added. * named now logs the supported cryptographic algorithms during startup and in the output of named -V - Bug Fixes: * A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. * In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. * rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. * Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. * The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. * Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. * When a DNS resource records TTL value was equal to the resolver configured prefetch eligibility value, the record was erroneously not treated as eligible for prefetching. * Changing just the TSIG key names for primaries in catalog zones member zones was not effective. This has been fixed. - Known Issues: * Upgrading from BIND 9.16.32 or any older version may require a manual configuration change. The following configurations are affected: + type primary zones configured with dnssec-policy but without either allow-update or update-policy + type secondary zones configured with dnssec-policy In these cases please add inline-signing yes; to the individual zone configuration(s). Without applying this change, named will fail to start. For more details, see https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing bind-9.16.35-150400.5.14.1.src.rpm bind-utils-9.16.35-150400.5.14.1.x86_64.rpm python3-bind-9.16.35-150400.5.14.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-41 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kdump fixes the following issues: - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - Rebuild initrd image after migration on ppc64 architecture (bsc#1191410) kdump-1.0.2+git18.g615d6ab-150400.3.8.1.src.rpm kdump-1.0.2+git18.g615d6ab-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4631 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). vim-9.0.1040-150000.5.31.1.src.rpm vim-9.0.1040-150000.5.31.1.x86_64.rpm vim-data-9.0.1040-150000.5.31.1.noarch.rpm vim-data-common-9.0.1040-150000.5.31.1.noarch.rpm vim-small-9.0.1040-150000.5.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4628 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). libsqlite3-0-3.39.3-150000.3.20.1.x86_64.rpm sqlite3-3.39.3-150000.3.20.1.src.rpm sqlite3-3.39.3-150000.3.20.1.x86_64.rpm sqlite3-devel-3.39.3-150000.3.20.1.x86_64.rpm sqlite3-tcl-3.39.3-150000.3.20.1.x86_64.rpm libsqlite3-0-32bit-3.39.3-150000.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-143 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - Add systemd drop-in directory for named service (bsc#1201689) bind-9.16.6-150300.22.24.1.src.rpm libbind9-1600-9.16.6-150300.22.24.1.x86_64.rpm libdns1605-9.16.6-150300.22.24.1.x86_64.rpm libirs1601-9.16.6-150300.22.24.1.x86_64.rpm libisc1606-9.16.6-150300.22.24.1.x86_64.rpm libisccc1600-9.16.6-150300.22.24.1.x86_64.rpm libisccfg1600-9.16.6-150300.22.24.1.x86_64.rpm libns1604-9.16.6-150300.22.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-177 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). libblkid-devel-2.37.2-150400.8.14.1.x86_64.rpm libblkid-devel-static-2.37.2-150400.8.14.1.x86_64.rpm libblkid1-2.37.2-150400.8.14.1.x86_64.rpm libfdisk-devel-2.37.2-150400.8.14.1.x86_64.rpm libfdisk1-2.37.2-150400.8.14.1.x86_64.rpm libmount-devel-2.37.2-150400.8.14.1.x86_64.rpm libmount1-2.37.2-150400.8.14.1.x86_64.rpm libsmartcols-devel-2.37.2-150400.8.14.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.14.1.x86_64.rpm libuuid-devel-2.37.2-150400.8.14.1.x86_64.rpm libuuid-devel-static-2.37.2-150400.8.14.1.x86_64.rpm libuuid1-2.37.2-150400.8.14.1.x86_64.rpm util-linux-2.37.2-150400.8.14.1.src.rpm util-linux-2.37.2-150400.8.14.1.x86_64.rpm util-linux-lang-2.37.2-150400.8.14.1.noarch.rpm util-linux-systemd-2.37.2-150400.8.14.1.src.rpm util-linux-systemd-2.37.2-150400.8.14.1.x86_64.rpm libblkid1-32bit-2.37.2-150400.8.14.1.x86_64.rpm libmount1-32bit-2.37.2-150400.8.14.1.x86_64.rpm libuuid1-32bit-2.37.2-150400.8.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-37 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ca-certificates-mozilla-2.60-150200.27.1.noarch.rpm ca-certificates-mozilla-2.60-150200.27.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2022-4634 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). libjavascriptcoregtk-4_0-18-2.38.3-150400.4.25.1.x86_64.rpm libwebkit2gtk-4_0-37-2.38.3-150400.4.25.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.38.3-150400.4.25.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.38.3-150400.4.25.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150400.4.25.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.38.3-150400.4.25.1.x86_64.rpm webkit2gtk3-soup2-2.38.3-150400.4.25.1.src.rpm webkit2gtk3-soup2-devel-2.38.3-150400.4.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-33 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). - CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313). libpainter0-0.9.13.1-150200.4.15.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.15.1.x86_64.rpm xrdp-0.9.13.1-150200.4.15.1.src.rpm xrdp-0.9.13.1-150200.4.15.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-860 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-add-on fixes the following issues: - Fixed failure with the "media_url" element in AutoYaST profile containing CDATA block with spaces (bsc#1205928) yast2-add-on-4.4.8-150400.3.3.1.noarch.rpm yast2-add-on-4.4.8-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-47 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cepces fixes the following issues: - Make the openssl security level configurable (bsc#1204788) cepces-0.3.4-150400.3.6.1.noarch.rpm cepces-0.3.4-150400.3.6.1.src.rpm cepces-certmonger-0.3.4-150400.3.6.1.noarch.rpm python3-cepces-0.3.4-150400.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-46 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issues: - Update pci, usb and vendor ids hwdata-0.365-150000.3.54.1.noarch.rpm hwdata-0.365-150000.3.54.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-48 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) libtirpc-1.2.6-150300.3.17.1.src.rpm libtirpc-devel-1.2.6-150300.3.17.1.x86_64.rpm libtirpc-netconfig-1.2.6-150300.3.17.1.x86_64.rpm libtirpc3-1.2.6-150300.3.17.1.x86_64.rpm libtirpc3-32bit-1.2.6-150300.3.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-56 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). libksba-1.3.5-150000.4.6.1.src.rpm libksba-devel-1.3.5-150000.4.6.1.x86_64.rpm libksba8-1.3.5-150000.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-75 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148). - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150). Other fixes: - Enabled AES-192 and AES-256 privacy protocols (bsc#1206828). - Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044) libsnmp40-5.9.3-150300.15.8.1.x86_64.rpm net-snmp-5.9.3-150300.15.8.1.src.rpm net-snmp-5.9.3-150300.15.8.1.x86_64.rpm net-snmp-devel-5.9.3-150300.15.8.1.x86_64.rpm perl-SNMP-5.9.3-150300.15.8.1.x86_64.rpm snmp-mibs-5.9.3-150300.15.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-79 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673). python-future-0.18.2-150300.3.3.1.src.rpm python3-future-0.18.2-150300.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-139 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch python-certifi-2018.1.18-150000.3.3.1.src.rpm python3-certifi-2018.1.18-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-65 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684). w3m-0.5.3+git20180125-150000.3.3.1.src.rpm w3m-0.5.3+git20180125-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-151 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client (bsc#1206301). libpainter0-0.9.13.1-150200.4.18.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.18.1.x86_64.rpm xrdp-0.9.13.1-150200.4.18.1.src.rpm xrdp-0.9.13.1-150200.4.18.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-88 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). python-wheel-0.32.3-150100.6.5.1.src.rpm python3-wheel-0.32.3-150100.6.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-489 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 (boo#1208328): - CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4 (boo#1207997): - CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. - CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution. - CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management. New CVE and bug references where added for already released updates: Update to version 2.38.3 (boo#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.1: - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Update to version 2.38.0: - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. libjavascriptcoregtk-4_0-18-2.38.5-150400.4.34.2.x86_64.rpm libwebkit2gtk-4_0-37-2.38.5-150400.4.34.2.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.38.5-150400.4.34.2.x86_64.rpm typelib-1_0-WebKit2-4_0-2.38.5-150400.4.34.2.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.38.5-150400.4.34.2.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.38.5-150400.4.34.2.x86_64.rpm webkit2gtk3-soup2-2.38.5-150400.4.34.2.src.rpm webkit2gtk3-soup2-devel-2.38.5-150400.4.34.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-159 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). python-setuptools-44.1.1-150400.3.3.1.src.rpm python-setuptools-test-44.1.1-150400.3.3.1.src.rpm python-setuptools-wheel-44.1.1-150400.3.3.1.src.rpm python3-setuptools-44.1.1-150400.3.3.1.noarch.rpm python3-setuptools-test-44.1.1-150400.3.3.1.noarch.rpm python3-setuptools-wheel-44.1.1-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-119 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. libfreebl3-3.79.3-150400.3.23.1.x86_64.rpm libfreebl3-32bit-3.79.3-150400.3.23.1.x86_64.rpm libfreebl3-hmac-3.79.3-150400.3.23.1.x86_64.rpm libsoftokn3-3.79.3-150400.3.23.1.x86_64.rpm libsoftokn3-32bit-3.79.3-150400.3.23.1.x86_64.rpm libsoftokn3-hmac-3.79.3-150400.3.23.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-3.79.3-150400.3.23.1.src.rpm mozilla-nss-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-32bit-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-certs-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-devel-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-sysinit-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-tools-3.79.3-150400.3.23.1.x86_64.rpm libfreebl3-hmac-32bit-3.79.3-150400.3.23.1.x86_64.rpm mozilla-nss-certs-32bit-3.79.3-150400.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-171 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed (bsc#1207029). - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM image (bsc#1207030). - CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031). libXpm-3.5.12-150000.3.7.2.src.rpm libXpm-devel-3.5.12-150000.3.7.2.x86_64.rpm libXpm4-3.5.12-150000.3.7.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-788 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix "keep installed" jobs not disabling "best update" rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) libsolv-0.7.23-150400.3.3.1.src.rpm True libsolv-devel-0.7.23-150400.3.3.1.x86_64.rpm True libsolv-tools-0.7.23-150400.3.3.1.x86_64.rpm True libzypp-17.31.8-150400.3.14.1.src.rpm True libzypp-17.31.8-150400.3.14.1.x86_64.rpm True libzypp-devel-17.31.8-150400.3.14.1.x86_64.rpm True python3-solv-0.7.23-150400.3.3.1.x86_64.rpm True ruby-solv-0.7.23-150400.3.3.1.x86_64.rpm True zypper-1.14.59-150400.3.12.2.src.rpm True zypper-1.14.59-150400.3.12.2.x86_64.rpm True zypper-log-1.14.59-150400.3.12.2.noarch.rpm True zypper-needs-restarting-1.14.59-150400.3.12.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-188 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues libminizip1-1.2.11-150000.3.39.1.x86_64.rpm libz1-1.2.11-150000.3.39.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.39.1.x86_64.rpm minizip-devel-1.2.11-150000.3.39.1.x86_64.rpm zlib-1.2.11-150000.3.39.1.src.rpm zlib-devel-1.2.11-150000.3.39.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.39.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-110 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). git-2.35.3-150300.10.21.1.src.rpm git-core-2.35.3-150300.10.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-346 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: - Control the collection of lvm grains via config (bsc#1204939) python3-salt-3004-150400.8.20.1.x86_64.rpm True salt-3004-150400.8.20.1.src.rpm True salt-3004-150400.8.20.1.x86_64.rpm True salt-bash-completion-3004-150400.8.20.1.noarch.rpm True salt-doc-3004-150400.8.20.1.x86_64.rpm True salt-minion-3004-150400.8.20.1.x86_64.rpm True salt-zsh-completion-3004-150400.8.20.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-1809 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for haveged fixes the following issues: - Synchronize haveged instances during switching root (bsc#1203079) haveged-1.9.14-150400.3.3.1.src.rpm haveged-1.9.14-150400.3.3.1.x86_64.rpm haveged-devel-1.9.14-150400.3.3.1.x86_64.rpm libhavege2-1.9.14-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-149 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure "ib_port" is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). kernel-default-5.14.21-150400.24.41.1.nosrc.rpm True kernel-default-5.14.21-150400.24.41.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1.src.rpm True kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.41.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.41.1.noarch.rpm True kernel-macros-5.14.21-150400.24.41.1.noarch.rpm True kernel-source-5.14.21-150400.24.41.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-114 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). sudo-1.9.9-150400.4.12.1.src.rpm sudo-1.9.9-150400.4.12.1.x86_64.rpm sudo-devel-1.9.9-150400.4.12.1.x86_64.rpm sudo-plugin-python-1.9.9-150400.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-160 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to weak a cryptographic algorithm being selected (bsc#1205386). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). - Updated to version 4.15.12: - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). - Updated to version 4.15.11: - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - Updated to version 4.15.10: - Fixed a potential crash due to a concurrency issue (bsc#1200102). - Updated to version 4.15.9: - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496). - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492). - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493). Other fixes: - Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689). libsamba-policy-devel-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-4.15.13+git.591.ab36624310c-150400.3.19.1.src.rpm samba-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-ceph-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-client-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-devel-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-dsdb-modules-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-gpupdate-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-ldb-ldap-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-libs-python3-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-python3-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-tool-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-winbind-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-winbind-libs-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm samba-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-161 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). python-py-1.10.0-150100.5.12.1.src.rpm python3-py-1.10.0-150100.5.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-167 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bluez fixes the following issues: - CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool (bsc#1204426). bluez-5.62-150400.4.8.1.src.rpm bluez-5.62-150400.4.8.1.x86_64.rpm bluez-deprecated-5.62-150400.4.8.1.x86_64.rpm libbluetooth3-5.62-150400.4.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2099 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cronie fixes the following issue: - Allow to define the logger info and warning priority. cron-4.2-150400.84.3.1.x86_64.rpm cronie-1.5.7-150400.84.3.1.src.rpm cronie-1.5.7-150400.84.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-330 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pesign-obs-integration fixes the following issues: - Fix for a filename issue in the scripts of generated ueficert package (bsc#1195805, bsc#1205917) - fixed dependency generators (bsc#1207520)(jsc#PED-2658): - Add support for including macros in pesign-repackage.spec by using pesign-spec-macros - Add support for copying sources to the new build directory by using pesign-copy-sources - Update README for dependency generation, add Dependency Generation section pesign-obs-integration-10.2+git20210804.ff18da1-150400.3.5.1.src.rpm pesign-obs-integration-10.2+git20210804.ff18da1-150400.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-793 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for purge-kernels-service fixes the following issues: - Change systemd service type to 'exec' (bsc#1198668) purge-kernels-service-0-150200.8.6.1.noarch.rpm purge-kernels-service-0-150200.8.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-507 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for numatop implements the following features: - update to version 2.3 - Add support for SPR CPUs (jsc#PED-2015) numatop-2.3-150100.3.6.1.src.rpm numatop-2.3-150100.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-190 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for llvm11 fixes the following issues: - Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH for building and testing to simulate behavior of the actual package (bsc#1197773) - Propagate the complete host environment to the tests run. This ensures that all envvars needed e.g. for the compiler to work correctly are present. This run libc++ tests successfully getting the en LD_LIBRARY_PATH, otherwise, library were not found. libLLVM11-11.0.1-150300.3.6.1.x86_64.rpm libLLVM11-32bit-11.0.1-150300.3.6.1.x86_64.rpm libc++-devel-11.0.1-150300.3.6.1.x86_64.rpm libc++1-11.0.1-150300.3.6.1.x86_64.rpm libc++abi-devel-11.0.1-150300.3.6.1.x86_64.rpm libc++abi1-11.0.1-150300.3.6.1.x86_64.rpm llvm11-11.0.1-150300.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-178 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] libopenssl-1_1-devel-1.1.1l-150400.7.19.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.19.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.19.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.19.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.19.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.19.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.19.1.src.rpm openssl-1_1-1.1.1l-150400.7.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-158 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mlocate fixes the following issues: - Pass "--shell=/bin/sh" to "su" when running the "updatedb" command so that we don't depend on the "${RUN_UPDATEDB_AS}" user's login shell. Since that user is "nobody" by default, the login shell will oftentimes be "/bin/false". - require apparmor-abstractions mlocate-0.26-150400.16.3.1.src.rpm mlocate-0.26-150400.16.3.1.x86_64.rpm mlocate-lang-0.26-150400.16.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-169 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209). Non-security fixes: - Updated to version 4.16.3 (bsc#1027519). xen-4.16.3_02-150400.4.19.1.src.rpm True xen-libs-4.16.3_02-150400.4.19.1.x86_64.rpm True xen-tools-domU-4.16.3_02-150400.4.19.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-297 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Modified patches: Revert fips patch to a version used with 17.0.4.0 (bsc#1205916) Apply nss-security-provider patch after the fips patch, thus rediff the hunk to changed context. - Fix jconsole.desktop icon java-17-openjdk-17.0.5.0-150400.3.9.3.src.rpm java-17-openjdk-17.0.5.0-150400.3.9.3.x86_64.rpm java-17-openjdk-demo-17.0.5.0-150400.3.9.3.x86_64.rpm java-17-openjdk-devel-17.0.5.0-150400.3.9.3.x86_64.rpm java-17-openjdk-headless-17.0.5.0-150400.3.9.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-439 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Exclude USB drivers in strict hostonly mode (bsc#1186056) - Warn if included with no multipath devices and no user conf (bsc#1069169) - Improve detection of installed kernel versions (bsc#1205175) - chown using rpc default group (bsc#1204929) dracut-055+suse.331.g05b9ccb7-150400.3.16.1.src.rpm dracut-055+suse.331.g05b9ccb7-150400.3.16.1.x86_64.rpm dracut-fips-055+suse.331.g05b9ccb7-150400.3.16.1.x86_64.rpm dracut-ima-055+suse.331.g05b9ccb7-150400.3.16.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-181 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) libprocps7-3.3.15-150000.7.28.1.x86_64.rpm procps-3.3.15-150000.7.28.1.src.rpm procps-3.3.15-150000.7.28.1.x86_64.rpm procps-devel-3.3.15-150000.7.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-175 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183] - FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346] gnutls-3.7.3-150400.4.24.1.src.rpm gnutls-3.7.3-150400.4.24.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.24.1.x86_64.rpm libgnutls30-3.7.3-150400.4.24.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.24.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.24.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.24.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.24.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-709 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) kbd-2.4.0-150400.5.3.1.src.rpm kbd-2.4.0-150400.5.3.1.x86_64.rpm kbd-legacy-2.4.0-150400.5.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-651 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for strongswan fixes the following issue: - Fix crash in packet sender (bsc#1199205) - Remove deprecated option "StandardOutput=syslog" from strongswan systemd unit file (bsc#1185153) strongswan-5.8.2-150400.19.8.1.src.rpm strongswan-5.8.2-150400.19.8.1.x86_64.rpm strongswan-doc-5.8.2-150400.19.8.1.noarch.rpm strongswan-hmac-5.8.2-150400.19.8.1.x86_64.rpm strongswan-ipsec-5.8.2-150400.19.8.1.x86_64.rpm strongswan-libs0-5.8.2-150400.19.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-179 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) tar-1.34-150000.3.26.1.src.rpm tar-1.34-150000.3.26.1.x86_64.rpm tar-lang-1.34-150000.3.26.1.noarch.rpm tar-rmt-1.34-150000.3.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-526 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). libtss2-esys0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-fapi1-3.1.0-150400.3.3.1.x86_64.rpm libtss2-mu0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-rc0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-sys1-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tcti-cmd0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tcti-device0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tcti-mssim0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tcti-pcap0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tcti-swtpm0-3.1.0-150400.3.3.1.x86_64.rpm libtss2-tctildr0-3.1.0-150400.3.3.1.x86_64.rpm tpm2-0-tss-3.1.0-150400.3.3.1.src.rpm tpm2-0-tss-3.1.0-150400.3.3.1.x86_64.rpm tpm2-0-tss-devel-3.1.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-221 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xterm fixes the following issues: - CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305). xterm-330-150200.11.9.1.src.rpm xterm-330-150200.11.9.1.x86_64.rpm xterm-bin-330-150200.11.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-201 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). libsystemd0-249.14-150400.8.19.1.x86_64.rpm True libsystemd0-32bit-249.14-150400.8.19.1.x86_64.rpm True libudev1-249.14-150400.8.19.1.x86_64.rpm True libudev1-32bit-249.14-150400.8.19.1.x86_64.rpm True systemd-249.14-150400.8.19.1.src.rpm True systemd-249.14-150400.8.19.1.x86_64.rpm True systemd-container-249.14-150400.8.19.1.x86_64.rpm True systemd-coredump-249.14-150400.8.19.1.x86_64.rpm True systemd-devel-249.14-150400.8.19.1.x86_64.rpm True systemd-doc-249.14-150400.8.19.1.x86_64.rpm True systemd-lang-249.14-150400.8.19.1.noarch.rpm True systemd-sysvinit-249.14-150400.8.19.1.x86_64.rpm True udev-249.14-150400.8.19.1.x86_64.rpm True systemd-32bit-249.14-150400.8.19.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-343 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: - Updated to version 3.6.11 (bsc#1207447): - CVE-2023-0417: Fixed a memory leak in the NFS dissector (bsc#1207669). - CVE-2023-0413: Fixed a crash in the dissection engine (bsc#1207665). - CVE-2023-0416: Fixed a crash in the GNW dissector (bsc#1207668). - CVE-2023-0415: Fixed a crash in the iSCSI dissector (bsc#1207667). - CVE-2023-0411: Fixed several issues where an excessive CPU consumption could be triggered in multiple dissectors (bsc#1207663). - CVE-2023-0412: Fixed a crash in the TIPC dissector (bsc#1207664). libwireshark15-3.6.11-150000.3.83.1.x86_64.rpm libwiretap12-3.6.11-150000.3.83.1.x86_64.rpm libwsutil13-3.6.11-150000.3.83.1.x86_64.rpm wireshark-3.6.11-150000.3.83.1.src.rpm wireshark-3.6.11-150000.3.83.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-335 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hyper-v fixes the following issues: - Provide the latest version for SLE-15-SP4. hyper-v-8-150200.14.8.1.src.rpm hyper-v-8-150200.14.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-322 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). apache2-2.4.51-150400.6.6.1.src.rpm apache2-2.4.51-150400.6.6.1.x86_64.rpm apache2-prefork-2.4.51-150400.6.6.1.x86_64.rpm apache2-utils-2.4.51-150400.6.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-211 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). vim-9.0.1234-150000.5.34.1.src.rpm vim-9.0.1234-150000.5.34.1.x86_64.rpm vim-data-9.0.1234-150000.5.34.1.noarch.rpm vim-data-common-9.0.1234-150000.5.34.1.noarch.rpm vim-small-9.0.1234-150000.5.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-342 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413). libtiff-devel-4.0.9-150000.45.25.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.25.1.x86_64.rpm libtiff5-4.0.9-150000.45.25.1.x86_64.rpm tiff-4.0.9-150000.45.25.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-341 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - Updated to version 9.16.37 (jsc#SLE-24600): - CVE-2022-3094: Fixed an issue where a message flood could exhaust all available memory (bsc#1207471). - CVE-2022-3736: Fixed a potential crash upon receiving an RRSIG in configurations with stale cache and stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207473). - CVE-2022-3924: Fixed a potential crash upon reaching the recursive-clients soft quota in configurations with stale answers enabled and stale-answer-client-timeout set to a positive value (bsc#1207475). bind-9.16.37-150400.5.17.1.src.rpm bind-utils-9.16.37-150400.5.17.1.x86_64.rpm python3-bind-9.16.37-150400.5.17.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-617 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) jitterentropy-3.4.0-150000.1.9.1.src.rpm jitterentropy-devel-3.4.0-150000.1.9.1.x86_64.rpm jitterentropy-devel-32bit-3.4.0-150000.1.9.1.x86_64.rpm jitterentropy-devel-static-3.4.0-150000.1.9.1.x86_64.rpm libjitterentropy3-3.4.0-150000.1.9.1.x86_64.rpm libjitterentropy3-32bit-3.4.0-150000.1.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-312 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification (bsc#1207541). - CVE-2023-0217: Fixed NULL pointer dereference validating DSA public key (bsc#1207540). - CVE-2023-0216: Fixed invalid pointer dereference in d2i_PKCS7 functions (bsc#1207539). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). - CVE-2022-4203: Fixed read Buffer Overflow with X.509 Name Constraints (bsc#1207535). Non-security fixes: - Fix SHA, SHAKE, KECCAK ASM and EC ASM flag passing (bsc#1206222). - Enable zlib compression support (bsc#1195149). - Add crypto-policies dependency. libopenssl-3-devel-3.0.1-150400.4.17.1.x86_64.rpm libopenssl3-3.0.1-150400.4.17.1.x86_64.rpm openssl-3-3.0.1-150400.4.17.1.src.rpm openssl-3-3.0.1-150400.4.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-288 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2023-0494: Fixed a use-after-free in DeepCopyPointerClasses (bsc#1207783). xorg-x11-server-1.20.3-150400.38.16.1.src.rpm xorg-x11-server-1.20.3-150400.38.16.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-311 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). libopenssl-1_1-devel-1.1.1l-150400.7.22.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.22.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.22.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.22.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.22.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.22.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.22.1.src.rpm openssl-1_1-1.1.1l-150400.7.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-389 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866) apr-util-1.6.1-150300.18.5.1.src.rpm apr-util-devel-1.6.1-150300.18.5.1.x86_64.rpm libapr-util1-1.6.1-150300.18.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-405 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libbpf fixes the following issues: - CVE-2022-3534: Fixed use-after-free in btf_dump_name_dups (bsc#1204391). - CVE-2022-3606: Fixed null pointer dereference in find_prog_by_sec_insn() (bsc#1204502). libbpf-0.5.0-150400.3.3.1.src.rpm libbpf0-0.5.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-484 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pesign fixes the following issues: - CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933). pesign-0.112-150000.4.15.1.src.rpm pesign-0.112-150000.4.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-700 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for multipath-tools fixes the following issue: - Fix "rpm --verify" (bsc#1207232) kpartx-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm libmpath0-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1.src.rpm multipath-tools-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-427 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - CVE-2022-3094: Fixed memory exhaustion due to UPDATE message flooding (bsc#1207471). bind-9.16.6-150300.22.27.1.src.rpm libbind9-1600-9.16.6-150300.22.27.1.x86_64.rpm libdns1605-9.16.6-150300.22.27.1.x86_64.rpm libirs1601-9.16.6-150300.22.27.1.x86_64.rpm libisc1606-9.16.6-150300.22.27.1.x86_64.rpm libisccc1600-9.16.6-150300.22.27.1.x86_64.rpm libisccfg1600-9.16.6-150300.22.27.1.x86_64.rpm libns1604-9.16.6-150300.22.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-433 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134). - CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034). - CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050). - CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258). - CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701). The following non-security bugs were fixed: - ACPI: EC: Fix EC address space handler unregistration (bsc#1207149). - ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149). - ACPI: PRM: Check whether EFI runtime is available (git-fixes). - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149). - ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes). - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). - ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes). - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes). - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes). - ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes). - ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes). - ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes). - ARM: imx: add missing of_node_put() (git-fixes). - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes). - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes). - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes). - ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes). - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes). - Documentation: Remove bogus claim about del_timer_sync() (git-fixes). - HID: betop: check shape of output reports (git-fixes). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes). - HID: check empty report_list in hid_validate_values() (git-fixes). - HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784). - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes). - HID: playstation: sanity check DualSense calibration data (git-fixes). - HID: revert CHERRY_MOUSE_000C quirk (git-fixes). - IB/hfi1: Fix expected receive setup error exit issues (git-fixes) - IB/hfi1: Immediately remove invalid memory from hardware (git-fixes) - IB/hfi1: Reject a zero-length user expected buffer (git-fixes) - IB/hfi1: Remove user expected buffer invalidate race (git-fixes) - IB/hfi1: Reserve user expected TIDs (git-fixes) - IB/mad: Do not call to function that might sleep while in atomic context (git-fixes). - KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616). - PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269). - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes). - RDMA/core: Fix ib block iterator counter overflow (bsc#1207878). - RDMA/core: Fix ib block iterator counter overflow (git-fixes) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes) - RDMA/rxe: Prevent faulty rkey generation (git-fixes) - RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) - Revert "ARM: dts: armada-38x: Fix compatible string for gpios" (git-fixes). - Revert "ARM: dts: armada-39x: Fix compatible string for gpios" (git-fixes). - Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" (git-fixes). - Revert "Revert "block, bfq: honor already-setup queue merges"" (git-fixes). - Revert "arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0" (git-fixes). - Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes). - USB: gadget: Fix use-after-free during usb config switch (git-fixes). - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). - USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes). - USB: serial: option: add Quectel EC200U modem (git-fixes). - USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes). - USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes). - USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes). - USB: serial: option: add Quectel EM05CN modem (git-fixes). - VMCI: Use threaded irqs instead of tasklets (git-fixes). - arm64: atomics: format whitespace consistently (git-fixes). - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes). - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes). - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes). - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes). - arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes). - arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes). - arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes). - arm64: efi: Execute runtime services from a dedicated stack (git-fixes). - ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes). - ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes). - bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes). - bfq: fix use-after-free in bfq_dispatch_request (git-fixes). - bfq: fix waker_bfqq inconsistency crash (git-fixes). - blk-throttle: prevent overflow while calculating wait time (git-fixes). - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes). - blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes). - block, bfq: do not move oom_bfqq (git-fixes). - block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes). - block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes). - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes). - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes). - block/bfq_wf2q: correct weight to ioprio (git-fixes). - block/bio: remove duplicate append pages code (git-fixes). - block: check minor range in device_add_disk() (git-fixes). - block: ensure iov_iter advances for added pages (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes). - block: use bdev_get_queue() in bio.c (git-fixes). - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes). - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes). - bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes). - bnxt_en: add dynamic debug support for HWRM messages (git-fixes). - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes). - bnxt_en: fix the handling of PCIE-AER (git-fixes). - bnxt_en: refactor bnxt_cancel_reservations() (git-fixes). - btrfs: add helper to delete a dir entry from a log tree (bsc#1207263). - btrfs: avoid inode logging during rename and link when possible (bsc#1207263). - btrfs: avoid logging all directory changes during renames (bsc#1207263). - btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363). - btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263). - btrfs: fix assertion failure when logging directory key range item (bsc#1207263). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368). - btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158). - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158). - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes). - btrfs: join running log transaction when logging new name (bsc#1207263). - btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158). - btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263). - btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263). - btrfs: put initial index value of a directory in a constant (bsc#1207263). - btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158). - btrfs: qgroup: remove outdated TODO comments (bsc#1207158). - btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263). - btrfs: remove useless path release in the fast fsync path (bsc#1207263). - btrfs: remove write and wait of struct walk_control (bsc#1207263). - btrfs: stop copying old dir items when logging a directory (bsc#1207263). - btrfs: stop doing unnecessary log updates during a rename (bsc#1207263). - btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263). - btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263). - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes). - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes). - cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629). - cifs: do not include page data when checking signature (git-fixes). - cifs: do not query ifaces on smb1 mounts (git-fixes). - cifs: don't take exclusive lock for updating target hints (bsc#1193629). - cifs: fix double free on failed kerberos auth (git-fixes). - cifs: fix file info setting in cifs_open_file() (git-fixes). - cifs: fix file info setting in cifs_query_path_info() (git-fixes). - cifs: fix potential deadlock in cache_refresh_path() (git-fixes). - cifs: fix potential memory leaks in session setup (bsc#1193629). - cifs: fix race in assemble_neg_contexts() (bsc#1193629). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629). - cifs: handle cache lookup errors different than -ENOENT (bsc#1193629). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629). - cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629). - cifs: remove duplicate code in __refresh_tcon() (bsc#1193629). - cifs: remove redundant assignment to the variable match (bsc#1193629). - cifs: remove unused function (bsc#1193629). - comedi: adv_pci1760: Fix PWM instruction handling (git-fixes). - config: arm64: Fix Freescale LPUART dependency (boo#1204063). - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes). - cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes). - crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184). - dm btree: add a defensive bounds check to insert_at() (git-fixes). - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes). - dm cache: Fix UAF in destroy() (git-fixes). - dm cache: set needs_check flag after aborting metadata (git-fixes). - dm clone: Fix UAF in clone_dtr() (git-fixes). - dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes). - dm integrity: clear the journal on suspend (git-fixes). - dm integrity: flush the journal on suspend (git-fixes). - dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes). - dm ioctl: prevent potential spectre v1 gadget (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes). - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes). - dm thin: Fix UAF in run_timer_softirq() (git-fixes). - dm thin: Use last transaction's pmd->root when commit failed (git-fixes). - dm thin: resume even if in FAIL mode (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix alloc_dax error handling in alloc_dev (git-fixes). - dm: requeue IO if mapping table not yet available (git-fixes). - dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes). - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes). - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes). - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes). - dmaengine: lgm: Move DT parsing after initialization (git-fixes). - dmaengine: tegra210-adma: fix global intr clear (git-fixes). - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes). - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes). - docs: Fix the docs build with Sphinx 6.0 (git-fixes). - driver core: Fix test_async_probe_init saves device in wrong array (git-fixes). - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes). - drivers:md:fix a potential use-after-free bug (git-fixes). - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes). - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes). - drm/amd/display: Fix set scaling doesn's work (git-fixes). - drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734). - drm/amd/display: fix issues with driver unload (git-fixes). - drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes). - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes). - drm/amdgpu: drop experimental flag on aldebaran (git-fixes). - drm/hyperv: Add error message for fb size greater than allocated (git-fixes). - drm/i915/adlp: Fix typo for reference clock (git-fixes). - drm/i915/display: Check source height is > 0 (git-fixes). - drm/i915/gt: Reset twice (git-fixes). - drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes). - drm/i915: Fix potential bit_17 double-free (git-fixes). - drm/i915: re-disable RC6p on Sandy Bridge (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes). - drm/vc4: hdmi: make CEC adapter name unique (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - efi: rt-wrapper: Add missing include (git-fixes). - efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes). - ext4: Fixup pages without buffers (bsc#1205495). - extcon: usbc-tusb320: fix kernel-doc warning (git-fixes). - fbcon: Check font dimension limits (git-fixes). - fbdev: omapfb: avoid stack overflow warning (git-fixes). - firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes). - firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes). - fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes). - fs: remove __sync_filesystem (git-fixes). - ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes). - ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes). - git_sort: add usb-linus branch for gregkh/usb - gsmi: fix null-deref in gsmi_get_variable (git-fixes). - hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes). - i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes). - i2c: mv64xxx: Remove shutdown method from driver (git-fixes). - i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes). - i40e: Fix error handling in i40e_init_module() (git-fixes). - i40e: Fix not setting default xps_cpus after reset (git-fixes). - igb: Allocate MSI-X vector when testing (git-fixes). - iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes). - iio: adc: stm32-dfsdm: fill module aliases (git-fixes). - iio: hid: fix the retval in accel_3d_capture_sample (git-fixes). - iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes). - iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes). - iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes). - iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes). - iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes). - iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes). - iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes). - iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes). - iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes). - iio:adc:twl6030: Enable measurement of VAC (git-fixes). - iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes). - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes). - ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes). - jbd2: use the correct print format (git-fixes). - kABI workaround for struct acpi_ec (bsc#1207149). - kABI: Preserve TRACE_EVENT_FL values (git-fixes). - kabi/severities: add mlx5 internal symbols - l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes). - loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes). - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes). - md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes). - md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes). - md: protect md_unregister_thread from reentrancy (git-fixes). - mei: me: add meteor lake point M DID (git-fixes). - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes). - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes). - memory: tegra: Remove clients SID override programming (git-fixes). - misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes). - misc: fastrpc: Fix use-after-free race condition for maps (git-fixes). - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769). - mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010). - mm: compaction: support triggering of proactive compaction by user (bsc#1207010). - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes). - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes). - mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes). - nbd: Fix hung on disconnect request if socket is closed before (git-fixes). - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes). - nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes). - nbd: fix io hung while disconnecting device (git-fixes). - nbd: fix race between nbd_alloc_config() and module removal (git-fixes). - net/mlx4: Check retval of mlx4_bitmap_init (git-fixes). - net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175). - net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842). - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes). - net: ena: Fix error handling in ena_init() (git-fixes). - net: liquidio: release resources when liquidio driver open failed (git-fixes). - net: liquidio: simplify if expression (git-fixes). - net: macvlan: Use built-in RCU list checking (git-fixes). - net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes). - net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes). - net: nfc: Fix use-after-free in local_cleanup() (git-fixes). - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes). - net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes). - net: tun: Fix memory leaks of napi_get_frags (git-fixes). - net: tun: Fix use-after-free in tun_detach() (git-fixes). - net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes). - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes). - net: usb: sr9700: Handle negative len (git-fixes). - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes). - netrom: Fix use-after-free caused by accept on already connected socket (git-fixes). - netrom: Fix use-after-free of a listening socket (git-fixes). - nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682). - octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes). - octeontx2-pf: Add check for devm_kcalloc (git-fixes). - octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682). - of/address: Return an error when no valid dma-ranges are found (git-fixes). - phy: Revert "phy: qualcomm: usb28nm: Add MDM9607 init sequence" (git-fixes). - phy: phy-can-transceiver: Skip warning if no "max-bitrate" (git-fixes). - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes). - phy: ti: fix Kconfig warning and operator precedence (git-fixes). - pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes). - pinctrl: rockchip: fix mux route data for rk3568 (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes). - powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869). - powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869). - powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes). - powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869). - powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869). - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869). - powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869). - qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes). - r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes). - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes). - regulator: da9211: Use irq handler when ready (git-fixes). - rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage - s390/qeth: fix various format strings (git-fixes). - sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes) - sched/core: Introduce sched_asym_cpucap_active() (git-fixes) - sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes) - sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes) - sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes) - sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes) - sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes) - scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" (git-fixes). - scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes). - scsi: efct: Fix possible memleak in efct_device_init() (git-fixes). - scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes). - scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes). - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes). - scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes). - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes). - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes). - scsi: ipr: Fix WARNING in ipr_init() (git-fixes). - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes). - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes). - scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes). - scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes). - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes). - scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes). - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes). - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006). - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes). - scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes). - scsi: ufs: core: Enable link lost interrupt (git-fixes). - sctp: fail if no bound addresses can be used for a given scope (bsc#1206677). - selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests: Provide local define of __cpuid_count() (git-fixes). - serial: 8250_dma: Fix DMA Rx rearm race (git-fixes). - serial: atmel: fix incorrect baudrate setup (git-fixes). - serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes). - sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes). - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes). - spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes). - staging: mt7621-dts: change some node hex addresses to lower case (git-fixes). - staging: vchiq_arm: fix enum vchiq_status return types (git-fixes). - swim3: add missing major.h include (git-fixes). - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes). - thermal/core: Remove duplicate information when an error occurs (git-fixes). - thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes). - thunderbolt: Do not report errors if on-board retimers are found (git-fixes). - thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation. - tick/sched: Fix non-kernel-doc comment (git-fixes). - tomoyo: fix broken dependency on *.conf.default (git-fixes). - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes). - tracing/hist: Fix issue of losting command info in error_log (git-fixes). - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes). - tracing/hist: Fix wrong return value in parse_action_params() (git-fixes). - tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes). - tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing/probes: Handle system names with hyphens (git-fixes). - tracing: Add '__rel_loc' using trace event macros (git-fixes). - tracing: Add DYNAMIC flag for dynamic events (git-fixes). - tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes). - tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes). - tracing: Do not use out-of-sync va_list in event printing (git-fixes). - tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes). - tracing: Fix a kmemleak false positive in tracing_map (git-fixes). - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes). - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes). - tracing: Fix issue of missing one synthetic field (git-fixes). - tracing: Fix mismatched comment in __string_len (git-fixes). - tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes). - tracing: Fix race where histograms can be called before the event (git-fixes). - tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes). - tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes). - tracing: Fix warning on variable 'struct trace_array' (git-fixes). - tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes). - tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes). - tracing: Have type enum modifications copy the strings (git-fixes). - tracing: Make tp_printk work on syscall tracepoints (git-fixes). - tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes). - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes). - tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes). - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes). - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes). - usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes). - usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes). - usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes). - usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes). - usb: fotg210-udc: Fix ages old endianness issues (git-fixes). - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes). - usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes). - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes). - usb: gadget: f_hid: fix refcount leak on error path (git-fixes). - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes). - usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes). - usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes). - usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes). - usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes). - usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes). - usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes). - usb: host: ehci-fsl: Fix module alias (git-fixes). - usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes). - usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes). - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes). - usb: xhci: Check endpoint is valid before dereferencing it (git-fixes). - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes). - vfs: make sync_filesystem return errors from ->sync_fs (git-fixes). - virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes). - virtio-net: correctly enable callback during start_xmit (git-fixes). - virtio_pci: modify ENOENT to EINVAL (git-fixes). - w1: fix WARNING after calling w1_process() (git-fixes). - w1: fix deadloop in __w1_remove_master_device() (git-fixes). - wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes) - watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497). - watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497). - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes). - wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes). - wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes). - wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes). - wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes). - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes). - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes). - x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes). - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes). - xfs: fix incorrect error-out in xfs_remove (git-fixes). - xfs: fix incorrect i_nlink caused by inode racing (git-fixes). - xfs: fix maxlevels comparisons in the btree staging code (git-fixes). - xfs: fix memory leak in xfs_errortag_init (git-fixes). - xfs: get rid of assert from xfs_btree_islastblock (git-fixes). - xfs: get root inode correctly at bulkstat (git-fixes). - xfs: initialize the check_owner object fully (git-fixes). - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes). - xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes). - xfs: return errors in xfs_fs_sync_fs (git-fixes). - xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370). - xhci-pci: set the dma max_seg_size (git-fixes). - xhci: Fix null pointer dereference when host dies (git-fixes). - zram: Delete patch for regression addressed (bsc#1207933). - zram: do not lookup algorithm in backends table (git-fixes). kernel-default-5.14.21-150400.24.46.1.nosrc.rpm True kernel-default-5.14.21-150400.24.46.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3.src.rpm True kernel-default-base-5.14.21-150400.24.46.1.150400.24.17.3.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.46.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.46.1.noarch.rpm True kernel-macros-5.14.21-150400.24.46.1.noarch.rpm True kernel-source-5.14.21-150400.24.46.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-491 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-network fixes the following issues: - Fix the return of packages needed by the selected backend when running an autoinstallation (bsc#1207221) - Report a warning message for issues detected when the NETMASK or PREFIXLEN are invalid and allow the user to stop or to continue with the broken configuration (bsc#1206551) yast2-network-4.4.55-150400.3.15.1.noarch.rpm yast2-network-4.4.55-150400.3.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-702 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for patterns-wsl fixes the following issues: - Add support for a subset of systemd on WSL (jsc#PED-3213) patterns-wsl-20221221-150400.3.8.1.src.rpm patterns-wsl-base-20221221-150400.3.8.1.noarch.rpm patterns-wsl-gui-20221221-150400.3.8.1.noarch.rpm patterns-wsl-systemd-20221221-150400.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-348 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). less-590-150400.3.3.1.src.rpm less-590-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-785 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) grub2-2.06-150400.11.23.2.src.rpm grub2-2.06-150400.11.23.2.x86_64.rpm grub2-i386-pc-2.06-150400.11.23.2.noarch.rpm grub2-snapper-plugin-2.06-150400.11.23.2.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.23.2.noarch.rpm grub2-x86_64-efi-2.06-150400.11.23.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-349 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwinfo fixes the following issues: - Create Xen usb controller device if necessary. (bsc#1204294) hwinfo-21.84-150400.3.9.1.src.rpm hwinfo-21.84-150400.3.9.1.x86_64.rpm hwinfo-devel-21.84-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-752 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). Bugfixes: - Remove broken accessibility sub-package (bsc#1206549). java-11-openjdk-11.0.18.0-150000.3.93.1.src.rpm java-11-openjdk-11.0.18.0-150000.3.93.1.x86_64.rpm java-11-openjdk-demo-11.0.18.0-150000.3.93.1.x86_64.rpm java-11-openjdk-devel-11.0.18.0-150000.3.93.1.x86_64.rpm java-11-openjdk-headless-11.0.18.0-150000.3.93.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-569 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). libpq5-15.2-150200.5.6.1.x86_64.rpm postgresql15-15.2-150200.5.6.1.src.rpm postgresql15-15.2-150200.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-486 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for c-ares fixes the following issues: Updated to version 1.19.0: - CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067). c-ares-1.19.0-150000.3.20.1.src.rpm c-ares-devel-1.19.0-150000.3.20.1.x86_64.rpm libcares2-1.19.0-150000.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-457 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.66 (jsc#ECO-3319) - Ubuntu 22.04 CIS - OL7 stig v2r9 update - Bump OL8 STIG version to V1R4 - Update RHEL7 STIG to V3R10 - Update RHEL8 STIG to V1R9 - Introduce CIS RHEL9 profiles - also various SUSE profile fixes were done scap-security-guide-0.1.66-150000.1.56.1.noarch.rpm scap-security-guide-0.1.66-150000.1.56.1.src.rpm scap-security-guide-debian-0.1.66-150000.1.56.1.noarch.rpm scap-security-guide-redhat-0.1.66-150000.1.56.1.noarch.rpm scap-security-guide-ubuntu-0.1.66-150000.1.56.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-713 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. suse-build-key-12.0-150000.8.31.1.noarch.rpm suse-build-key-12.0-150000.8.31.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-429 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). curl-7.79.1-150400.5.15.1.src.rpm curl-7.79.1-150400.5.15.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.15.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.15.1.x86_64.rpm libcurl4-7.79.1-150400.5.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-622 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) tcl-8.6.12-150300.14.9.1.src.rpm tcl-8.6.12-150300.14.9.1.x86_64.rpm tcl-devel-8.6.12-150300.14.9.1.x86_64.rpm tcl-32bit-8.6.12-150300.14.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-623 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xscreensaver fixes the following issues: - Let XScreenSaver search for its configuration in the right default path. (bsc#1199742) xscreensaver-6.03-150400.3.3.1.src.rpm xscreensaver-6.03-150400.3.3.1.x86_64.rpm xscreensaver-data-6.03-150400.3.3.1.x86_64.rpm xscreensaver-lang-6.03-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-434 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 (bsc#1208138): - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. libfreebl3-3.79.4-150400.3.26.1.x86_64.rpm libfreebl3-32bit-3.79.4-150400.3.26.1.x86_64.rpm libfreebl3-hmac-3.79.4-150400.3.26.1.x86_64.rpm libsoftokn3-3.79.4-150400.3.26.1.x86_64.rpm libsoftokn3-32bit-3.79.4-150400.3.26.1.x86_64.rpm libsoftokn3-hmac-3.79.4-150400.3.26.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-3.79.4-150400.3.26.1.src.rpm mozilla-nss-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-32bit-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-certs-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-devel-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-sysinit-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-tools-3.79.4-150400.3.26.1.x86_64.rpm libfreebl3-hmac-32bit-3.79.4-150400.3.26.1.x86_64.rpm mozilla-nss-certs-32bit-3.79.4-150400.3.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-754 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pam_saslauthd fixes the following issues: - Improve pam_saslauthd default configuration for openldap migration (bsc#1206563) pam_saslauthd-0.1.0~3-150400.9.9.1.src.rpm pam_saslauthd-0.1.0~3-150400.9.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1732 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for google-noto-sans-cjk-fonts fixes the following issues: - Solved a "Fails to Build From Source" (FTBFS) issue. (bsc#1203741) - Use '%license' to store OFL license text instead of '%doc' google-noto-sans-cjk-fonts-20170403-150200.10.3.1.src.rpm noto-sans-cjk-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-black-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-bold-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-demilight-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-fonts-full-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-light-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-medium-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-mono-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-regular-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-jp-thin-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-black-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-bold-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-demilight-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-fonts-full-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-light-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-medium-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-mono-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-regular-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-kr-thin-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-black-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-bold-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-demilight-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-fonts-full-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-light-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-medium-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-mono-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-regular-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-sc-thin-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-black-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-bold-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-demilight-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-fonts-full-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-light-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-medium-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-mono-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-regular-fonts-20170403-150200.10.3.1.noarch.rpm noto-sans-tc-thin-fonts-20170403-150200.10.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-432 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for graphite2 fixes the following issue: - Correct license string to LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later (bsc#1207676) graphite2-1.3.11-150000.4.3.1.src.rpm graphite2-devel-1.3.11-150000.4.3.1.x86_64.rpm libgraphite2-3-1.3.11-150000.4.3.1.x86_64.rpm libgraphite2-3-32bit-1.3.11-150000.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-430 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running "git apply" (bsc#1208028). git-2.35.3-150300.10.24.1.src.rpm git-core-2.35.3-150300.10.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-435 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.6.0+10: - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). - CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). Bugfixes: - Avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916). java-17-openjdk-17.0.6.0-150400.3.12.1.src.rpm java-17-openjdk-17.0.6.0-150400.3.12.1.x86_64.rpm java-17-openjdk-demo-17.0.6.0-150400.3.12.1.x86_64.rpm java-17-openjdk-devel-17.0.6.0-150400.3.12.1.x86_64.rpm java-17-openjdk-headless-17.0.6.0-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-789 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lapack fixes the following issues: Version update from 3.5.0 to 3.9.0 (jsc#PED-3628): - As a configurable option, add tmglib code to the LAPACK library and enable TMG in LAPACKE as the header files provide its API (bsc#1207989, bsc#1087426) - Build deprecated functions to avoid breaking the ABI (bsc#1207989) - Make library links in the alternatives directory architecture dependent. This avoids conflicts when both 32-bit and 64-bit versions are installed (bsc#1207563) - Fix conflicts with openblas (bsc#1207358) - Fix build failures with GCC 10 (bsc#1166619) - For the full list of changes and features implemented by this update please consult the release notes at: * https://netlib.org/lapack/lapack-3.9.0.html * https://netlib.org/lapack/lapack-3.8.0.html * https://netlib.org/lapack/lapack-3.7.0.html * https://netlib.org/lapack/lapack-3.6.0.html blas-devel-3.9.0-150000.4.13.2.x86_64.rpm lapack-3.9.0-150000.4.13.2.src.rpm lapack-devel-3.9.0-150000.4.13.2.x86_64.rpm libblas3-3.9.0-150000.4.13.2.x86_64.rpm liblapack3-3.9.0-150000.4.13.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-756 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libappindicator fixes the following issues: - Provide compatibility symbol required by Slack RPM package (bsc#1207112) libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-12.10.1+bzr20170215-150200.3.3.1.src.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1618 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tgt fixes the following issues: - update to 1.0.85 - Packaging cleanup and fixes. (bsc#1206639) - Remove duplicate includes. - Fix blank documentation line in service file. - Target bound initiator-name but client cannot discovery the target device. - Fix FMK and other flags. - README fixes. - Add LICENSE file. - Replace sourceforge with github. tgt-1.0.85-150400.3.3.1.src.rpm tgt-1.0.85-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-464 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. libsystemd0-249.15-150400.8.22.1.x86_64.rpm True libsystemd0-32bit-249.15-150400.8.22.1.x86_64.rpm True libudev1-249.15-150400.8.22.1.x86_64.rpm True libudev1-32bit-249.15-150400.8.22.1.x86_64.rpm True systemd-249.15-150400.8.22.1.src.rpm True systemd-249.15-150400.8.22.1.x86_64.rpm True systemd-container-249.15-150400.8.22.1.x86_64.rpm True systemd-coredump-249.15-150400.8.22.1.x86_64.rpm True systemd-devel-249.15-150400.8.22.1.x86_64.rpm True systemd-doc-249.15-150400.8.22.1.x86_64.rpm True systemd-lang-249.15-150400.8.22.1.noarch.rpm True systemd-sysvinit-249.15-150400.8.22.1.x86_64.rpm True udev-249.15-150400.8.22.1.x86_64.rpm True systemd-32bit-249.15-150400.8.22.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-1753 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) systemd-presets-common-SUSE-15-150100.8.20.1.noarch.rpm systemd-presets-common-SUSE-15-150100.8.20.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-463 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). tar-1.34-150000.3.31.1.src.rpm tar-1.34-150000.3.31.1.x86_64.rpm tar-lang-1.34-150000.3.31.1.noarch.rpm tar-rmt-1.34-150000.3.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1671 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pkcs11-helper fixes the following issues: - Fix a problem with inconsistent padding between OpenSSL and pkcs11-helper (bsc#1175219) libpkcs11-helper1-1.25.1-150100.3.3.1.x86_64.rpm pkcs11-helper-1.25.1-150100.3.3.1.src.rpm pkcs11-helper-1.25.1-150100.3.3.1.x86_64.rpm pkcs11-helper-devel-1.25.1-150100.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-568 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) - New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable ucode-intel-20230214-150200.21.1.src.rpm ucode-intel-20230214-150200.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1586 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add "-S scope" option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) nfs-client-2.1.1-150100.10.32.1.x86_64.rpm nfs-doc-2.1.1-150100.10.32.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.x86_64.rpm nfs-utils-2.1.1-150100.10.32.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-722 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). python-cryptography-3.3.2-150400.16.6.1.src.rpm python3-cryptography-3.3.2-150400.16.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1670 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cpupower fixes the following issues: - Replace error with a warning if perf is unavailable (bsc#1202890) cpupower-5.14-150400.3.3.1.src.rpm cpupower-5.14-150400.3.3.1.x86_64.rpm cpupower-devel-5.14-150400.3.3.1.x86_64.rpm libcpupower0-5.14-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-714 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) python-rpm-4.14.3-150300.55.1.src.rpm python3-rpm-4.14.3-150300.55.1.x86_64.rpm rpm-32bit-4.14.3-150300.55.1.x86_64.rpm rpm-4.14.3-150300.55.1.src.rpm rpm-4.14.3-150300.55.1.x86_64.rpm rpm-devel-4.14.3-150300.55.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-470 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365). clamav-0.103.8-150000.3.44.1.src.rpm clamav-0.103.8-150000.3.44.1.x86_64.rpm clamav-devel-0.103.8-150000.3.44.1.x86_64.rpm libclamav9-0.103.8-150000.3.44.1.x86_64.rpm libfreshclam2-0.103.8-150000.3.44.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-475 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - FIPS: Make the jitterentropy calls thread-safe (bsc#1208146). - FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183). gnutls-3.7.3-150400.4.27.1.src.rpm gnutls-3.7.3-150400.4.27.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.27.1.x86_64.rpm libgnutls30-3.7.3-150400.4.27.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.27.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.27.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.27.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.27.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-692 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286). Bugfixes: - Fixed launch-xenstore error (bsc#1205792) - Fixed issues in VMX (bsc#1027519). xen-4.16.3_04-150400.4.22.1.src.rpm xen-libs-4.16.3_04-150400.4.22.1.x86_64.rpm xen-tools-domU-4.16.3_04-150400.4.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1668 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for firewalld fixes the following issues: - Fix `firewall-offline-cmd` command failing with error (bsc#1206928) firewalld-0.9.3-150400.8.9.1.noarch.rpm firewalld-0.9.3-150400.8.9.1.src.rpm firewalld-lang-0.9.3-150400.8.9.1.noarch.rpm python3-firewall-0.9.3-150400.8.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1581 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). ceph-16.2.11.58+g38d6afd3b78-150400.3.6.1.src.rpm ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm libcephfs-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm libcephfs2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librados-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm libradospp-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librbd-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librgw-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librgw2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-ceph-argparse-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-cephfs-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-rados-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-rbd-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm python3-rgw-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm rados-objclass-devel-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm rbd-nbd-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-677 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). Bugfixes: - Fixed issue where some PDF generators generate PDF with some wrong numbers in entry table, but the content is still valid (bsc#1181551). libpoppler89-0.79.0-150200.3.8.1.x86_64.rpm poppler-0.79.0-150200.3.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-495 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692). libpoppler-cpp0-22.01.0-150400.3.3.1.x86_64.rpm libpoppler-devel-22.01.0-150400.3.3.1.x86_64.rpm libpoppler-glib-devel-22.01.0-150400.3.3.1.x86_64.rpm libpoppler-glib8-22.01.0-150400.3.3.1.x86_64.rpm libpoppler117-22.01.0-150400.3.3.1.x86_64.rpm poppler-22.01.0-150400.3.3.1.src.rpm poppler-tools-22.01.0-150400.3.3.1.x86_64.rpm typelib-1_0-Poppler-0_18-22.01.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-563 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] libopenssl-1_1-devel-1.1.1l-150400.7.25.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.25.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.25.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.25.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.25.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.25.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.25.1.src.rpm openssl-1_1-1.1.1l-150400.7.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-626 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme fixes the following issues: - Fix import error in python-libnvme (bsc#1207159) libnvme-1.0-150400.3.15.1.src.rpm libnvme-devel-1.0-150400.3.15.1.x86_64.rpm libnvme1-1.0-150400.3.15.1.x86_64.rpm python3-libnvme-1.0-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1725 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openvpn fixes the following issues: - Add back `--enable-iproute2` as default option (bsc#1202792) openvpn-2.5.6-150400.3.6.1.src.rpm openvpn-2.5.6-150400.3.6.1.x86_64.rpm openvpn-auth-pam-plugin-2.5.6-150400.3.6.1.x86_64.rpm openvpn-devel-2.5.6-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1743 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-storage-ng fixes the following issues: - Fix to properly identify Dell BOSS storage devices (bsc#1200975) yast2-storage-ng-4.4.42-150400.3.9.1.src.rpm yast2-storage-ng-4.4.42-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-875 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sg3_utils fixes the following issues: - Speed large multipath scans (bsc#1207706) libsgutils-devel-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.src.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1636 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) suse-module-tools-15.4.16-150400.3.8.1.src.rpm suse-module-tools-15.4.16-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-598 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515). - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512). - CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability (bsc#1208514). emacs-27.2-150400.3.6.1.src.rpm emacs-27.2-150400.3.6.1.x86_64.rpm emacs-el-27.2-150400.3.6.1.noarch.rpm emacs-info-27.2-150400.3.6.1.noarch.rpm emacs-nox-27.2-150400.3.6.1.x86_64.rpm etags-27.2-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1617 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for exfatprogs fixes the following issues: - Fix mkfs on block devices with 4K sector sizes (bsc#1193534) exfatprogs-1.0.4-150300.3.6.1.src.rpm exfatprogs-1.0.4-150300.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1658 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apache2 fixes the following issues: - CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049). - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed mod_proxy handling of very long urls (bsc#1207327) - Fixed passing health check does not recover worker from its error state (bsc#1208708). apache2-2.4.51-150400.6.11.1.src.rpm apache2-2.4.51-150400.6.11.1.x86_64.rpm apache2-prefork-2.4.51-150400.6.11.1.x86_64.rpm apache2-utils-2.4.51-150400.6.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1881 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Mesa fixes the following issues: -Fixes blackscreen in Return To Monkey Island on Intel graphics (bsc#1208145) Mesa-21.2.4-150400.68.12.1.src.rpm Mesa-21.2.4-150400.68.12.1.x86_64.rpm Mesa-KHR-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-dri-21.2.4-150400.68.12.1.x86_64.rpm Mesa-dri-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-drivers-21.2.4-150400.68.12.1.src.rpm Mesa-gallium-21.2.4-150400.68.12.1.x86_64.rpm Mesa-gallium-32bit-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libEGL-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libEGL1-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGL-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGL1-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGLESv1_CM-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGLESv2-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGLESv3-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libVulkan-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libd3d-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libd3d-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libglapi-devel-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libglapi0-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libglapi0-32bit-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libva-21.2.4-150400.68.12.1.x86_64.rpm Mesa-vulkan-device-select-21.2.4-150400.68.12.1.x86_64.rpm Mesa-vulkan-overlay-21.2.4-150400.68.12.1.x86_64.rpm libOSMesa-devel-21.2.4-150400.68.12.1.x86_64.rpm libOSMesa8-21.2.4-150400.68.12.1.x86_64.rpm libgbm-devel-21.2.4-150400.68.12.1.x86_64.rpm libgbm1-21.2.4-150400.68.12.1.x86_64.rpm libgbm1-32bit-21.2.4-150400.68.12.1.x86_64.rpm libvdpau_r300-21.2.4-150400.68.12.1.x86_64.rpm libvdpau_r600-21.2.4-150400.68.12.1.x86_64.rpm libvdpau_radeonsi-21.2.4-150400.68.12.1.x86_64.rpm libvulkan_intel-21.2.4-150400.68.12.1.x86_64.rpm libvulkan_lvp-21.2.4-150400.68.12.1.x86_64.rpm libvulkan_radeon-21.2.4-150400.68.12.1.x86_64.rpm libxatracker-devel-1.0.0-150400.68.12.1.x86_64.rpm libxatracker2-1.0.0-150400.68.12.1.x86_64.rpm Mesa-32bit-21.2.4-150400.68.12.1.x86_64.rpm Mesa-dri-32bit-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libEGL1-32bit-21.2.4-150400.68.12.1.x86_64.rpm Mesa-libGL1-32bit-21.2.4-150400.68.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1665 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sudo fixes the following issue: Security issues: - CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362) - CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361) - CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595). Bug fixes: - Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer (bsc#1206483) - If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). sudo-1.9.9-150400.4.26.1.src.rpm sudo-1.9.9-150400.4.26.1.x86_64.rpm sudo-devel-1.9.9-150400.4.26.1.x86_64.rpm sudo-plugin-python-1.9.9-150400.4.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-614 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of nut fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). libupsclient1-2.7.4-150400.15.2.1.x86_64.rpm nut-2.7.4-150400.15.2.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-557 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). libxslt-1.1.34-150400.3.3.1.src.rpm libxslt-devel-1.1.34-150400.3.3.1.x86_64.rpm libxslt-tools-1.1.34-150400.3.3.1.x86_64.rpm libxslt1-1.1.34-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-549 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). libpython3_6m1_0-3.6.15-150300.10.40.1.x86_64.rpm python3-3.6.15-150300.10.40.1.src.rpm python3-3.6.15-150300.10.40.1.x86_64.rpm python3-base-3.6.15-150300.10.40.1.x86_64.rpm python3-core-3.6.15-150300.10.40.1.src.rpm python3-curses-3.6.15-150300.10.40.1.x86_64.rpm python3-dbm-3.6.15-150300.10.40.1.x86_64.rpm python3-devel-3.6.15-150300.10.40.1.x86_64.rpm python3-idle-3.6.15-150300.10.40.1.x86_64.rpm python3-tk-3.6.15-150300.10.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1689 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC "dnsHostname" attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug were fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). - Ship missing samba-winbind-libs-32bit package (bsc#1207996) - Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723) ldb-2.4.4-150400.4.11.1.src.rpm ldb-tools-2.4.4-150400.4.11.1.x86_64.rpm libldb-devel-2.4.4-150400.4.11.1.x86_64.rpm libldb2-2.4.4-150400.4.11.1.x86_64.rpm libsamba-policy-devel-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm libsamba-policy-python3-devel-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm libsamba-policy0-python3-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm python3-ldb-2.4.4-150400.4.11.1.x86_64.rpm python3-ldb-devel-2.4.4-150400.4.11.1.x86_64.rpm samba-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.src.rpm samba-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-ad-dc-libs-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-ad-dc-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-ceph-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-client-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-client-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-client-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-devel-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-devel-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-dsdb-modules-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-gpupdate-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-ldb-ldap-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-libs-python3-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-python3-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-tool-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-winbind-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-winbind-libs-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-winbind-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm libldb2-32bit-2.4.4-150400.4.11.1.x86_64.rpm samba-client-libs-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm samba-libs-32bit-4.15.13+git.636.53d93c5b9d6-150400.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-776 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install "gcc12" or "gcc12-c++" or one of the other "gcc12-COMPILER" frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html gcc12-12.2.1+git416-150000.1.7.1.src.rpm libasan8-12.2.1+git416-150000.1.7.1.x86_64.rpm libasan8-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libatomic1-12.2.1+git416-150000.1.7.1.x86_64.rpm libatomic1-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libgcc_s1-12.2.1+git416-150000.1.7.1.x86_64.rpm libgcc_s1-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libgfortran5-12.2.1+git416-150000.1.7.1.x86_64.rpm libgfortran5-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libgomp1-12.2.1+git416-150000.1.7.1.x86_64.rpm libgomp1-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libitm1-12.2.1+git416-150000.1.7.1.x86_64.rpm libitm1-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm liblsan0-12.2.1+git416-150000.1.7.1.x86_64.rpm libobjc4-12.2.1+git416-150000.1.7.1.x86_64.rpm libobjc4-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libquadmath0-12.2.1+git416-150000.1.7.1.x86_64.rpm libquadmath0-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libstdc++6-12.2.1+git416-150000.1.7.1.x86_64.rpm libstdc++6-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libstdc++6-locale-12.2.1+git416-150000.1.7.1.x86_64.rpm libstdc++6-pp-12.2.1+git416-150000.1.7.1.x86_64.rpm libstdc++6-pp-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm libtsan2-12.2.1+git416-150000.1.7.1.x86_64.rpm libubsan1-12.2.1+git416-150000.1.7.1.x86_64.rpm libubsan1-32bit-12.2.1+git416-150000.1.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-753 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cpuid fixes the following issues: - Inclued cpuid in SUSE Linux Enterprise 15 Service Pack 4 Basesystem Module on x86_64 architecture (jsc#PED-3044) - Version update from 20201006 to 20221201 (jsc#PED-2804, jsc#PED-3028): * Multiple detection and decodings updated * Many updated and added identified CPU models and variants * Updated hypervisor support * For the detailed list of changes please consult the packaged Changelog cpuid-20221201-150300.3.4.1.src.rpm cpuid-20221201-150300.3.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-775 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for the Java stack provides: ant: - Update ant from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the "followRedirects" attribute is set to "false". * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-antlr: - Update ant-antlr from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the "followRedirects" attribute is set to "false". * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-contrib: - Fix build with apache-ivy 2.5.1 (jsc#SLE-23217) ant-junit: - Update ant-junit from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the "followRedirects" attribute is set to "false". * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. * Do not build against the log4j12 packages, use the new reload4j ant-junit5: - Update ant-junit5 from version 1.10.7 to version 1.10.12. (jsc#SLE-23217) * CVE-2021-36374: Excessive memory allocation when reading a crafted ZIP archive or a derived formats. (bsc#1188469) * CVE-2021-36373: Excessive memory allocation when reading a crafted TAR archive. (bsc#1188468) * Do not follow redirects if the "followRedirects" attribute is set to "false". * Make sure setting build.compiler to the fully qualified classname that corresponds to extJavac or modern has the same effect as using the shorter alias names. * Prevent potential deadlocks in org.apache.tools.ant.IntrospectionHelper. * Avoid file name canonicalization when possible. * Upgraded AntUnit to 1.4.1. * CVE-2020-11979: Fixed an insecure temporary file vulnerability. (bnc#1177180) * CVE-2020-1945: insecure temporary file vulnerability. (bsc#1171696) * sshexec, sshsession and scp now support a new sshConfig parameter. It specifies the SSH configuration file (typically ${user.home}/.ssh/config) defining the username and keyfile to be used per host. * Add rhino to the ant-apache-bsf optional tasks. (bsc#1134001) * Remove jakarta-commons-* dependencies and use apache-commons-logging and apache-commons-net in optional tasks. (bsc#1133997) * Use xml-commons-apis-bootstrap as jar in classpath instead of the common xml-apis jar. - Do not build against the log4j12 packages, use the new reload4j antlr: - Build antlr-manual package without examples files. (bsc#1120360) antlr3: - Build with source and target levels 8 (jsc#SLE-23217) antlr4: - Update antlr4 from version 4.7.2 to version 4.9.3. (jsc#SLE-23217) * The libantlr4-runtime-devel now requires utfcpp-devel * For more details check: https://github.com/antlr/antlr4/compare/4.7.2...4.9.3 aopalliance: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-beanutils: - Provide apache-commons-beanutils 1.9.4 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-cli: - Update apache-commons-cli from version 1.4 to version 1.5.0. (jsc#SLE-23217) * Replace deprecated FindBugs with SpotBugs * Replace CLIRR with JApiCmp. * Update Java from version 5 to 7 * Remove deprecated sudo setting * Bump junit:junit to 4.13.2 * Bump commons-parent to 52 * Bump maven-pmd-plugin to 3.15.0 * Bump actions/checkout to v2.3.5 * Bump actions/setup-java to v2 * Bump maven-antrun-plugin to 3.0.0 * Bump maven-checkstyle-plugin to 3.1.2 * Bump checkstyle to 9.0.1 * Bump actions/cache to 2.1.6 * Bump commons.animal-sniffer.version to 1.20 * Bump maven-bundle-plugin to 5.1.2 * Bump biz.aQute.bndlib.version to 6.0.0 * Bump spotbugs to 4.4.2 * Bump spotbugs-maven-plugin to 4.4.2.2 * Add OSGi manifest to the build files. * Set java source/target levels to 6 apache-commons-codec: - Update apache-commons-codec from version 1.11 to version 1.15. (jsc#SLE-23217) * Do not alias the artifact to itself * Base16Codec and Base16Input/OutputStream. * Hex encode/decode with existing arrays. * Base32/Base64 Input/OutputStream: Added strict decoding property to control handling of trailing bits. Default lenient mode discards them without error. Strict mode raise an exception. * Update tests from JUnit to 4.13. * Update actions/checkout to v2.3.2 * Update actions/setup-java to v1.4.1. * MurmurHash3: Deprecate hash64 methods and hash methods accepting a String that use the default encoding. * Allow repeat calls to MurmurHash3.IncrementalHash32.end() to generate the same value. * Add RandomAccessFile digest methods * Add Path APIs to org.apache.commons.codec.digest.DigestUtils similar to File APIs. * Add SHA-512/224 and SHA-512/256 to DigestUtils for Java 9 and up. * Deprecate Charset constants in org.apache.commons.codec.Charsets in favor of java.nio.charset.StandardCharsets. * Reject any decode request for a value that is impossible to encode to for Base32/Base64. * MurmurHash2 for 32-bit or 64-bit value. * MurmurHash3 for 32-bit or 128-bit value. * Update from Java 6 to Java 7. * Add Percent-Encoding Codec (described in RFC3986 and RFC7578) * Add SHA-3 methods in DigestUtils. apache-commons-collections4: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-collections: - Do not use a dummy pom that only declares dependencies for the testframework artifact apache-commons-compress: - Remove support for pack200 which depends on old asm3. (jsc#SLE-23217) apache-commons-configuration: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-csv: - Provide apache-commons-csv version 1.9.0 (jsc#SLE-23217) apache-commons-daemon: - Update apache-commons-daemon from version 1.0.15 to version 1.2.4. (jsc#SLE-23217) * Build with source/target levels 8 * Ensure that log messages written to stdout and stderr are not lost during start-up. * Enable the service to start if the Options value is not present in the registry. * jsvc. Don't fail if the CAP_DAC_READ_SEARCH capability is not available. Fall back to using argv[0] rather than /proc/self/exe to determine the path for the current binary. * Improved JRE/JDK detection to support increased range of both JVM versions and vendors * Correct multiple issues related to enabling a service to interact with the desktop. Provide a better error message if this option is used with an invalid user, install the service with the option enabled if requested and correctly save the setting if it is enabled in the GUI. * Update the list of paths searched for libjvm.so to include the path used by OpenJDK 11. * Add additional debug logging for Java start mode. * Remove incorrect definition 'supported_os' which defined in psupport.m4 file to fix jsvc build error on s390, arm, aarch64, mipsel and mips. * More debug logging in prunsrv.c and javajni.c. * Update arguments.c to support Java 11 --enable-preview. * jsvc and Procrun: ad support for Java native memory tracking. * Procrun. Add a new command, print, that outputs the command to (re-)configure the service with the current settings. This is intended to be used to save settings such as before an upgrade. * Update: Update Commons-Parent to version 49. * Add AArch64 support to src/native/unix/support/apsupport.m4. * Procrun. When running in jre mode, if the standard Java registry entries for JavaHome and RuntimeLib are not present, attempt to use the Procrun JavaHome key to find the runtime library. * Procrun. Add an option to configure the service to use the 'Automatic (Delayed Start)' startup mode. * jsvc. Include the full path to the jsvc executable in the debug log. * Remove support for building Procrun for the Itanium platform. apache-commons-dbcp: - Provide apache-commons-dbcp version 2.1.1 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-digester: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-el: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-exec: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-fileupload: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-io: - Update apache-commons-io from version 2.6 to version 2.11.0. (jsc#SLE-23217) * CVE-2021-29425: Limited path traversal in Apache Commons IO (bsc#1184755) * Java 8 or later is required * This update provides several fixes and enhancements. For a full overview please, visit: https://commons.apache.org/proper/commons-io/changes-report.html apache-commons-jexl: - Build with source and target levels 8 (jsc#SLE-23217) apache-commons-lang3: - Update apache-commons-lang3 from version 3.8.1 to version 3.12.0. (jsc#SLE-23217) * Remove the junit bom dependency as it breaks the build of other packages like log4j. * Fix component version in default.properties to 3.12 * Add BooleanUtils.booleanValues(). * Add BooleanUtils.primitiveValues(). * Add StringUtils.containsAnyIgnoreCase(CharSequence, CharSequence...). * Add StopWatch.getStopTime(). * Add fluent-style ArraySorter. * Add and use LocaleUtils.toLocale(Locale) to avoid NPEs. * Add FailableShortSupplier, handy for JDBC APIs. * Add JavaVersion.JAVA_17. * Add missing boolean[] join method. * Add StringUtils.substringBefore(String, int). * Add Range.INTEGER. * Add DurationUtils. * Introduce the use of @Nonnull, and @Nullable, and the Objects class as a helper tool. * Add and use true and false String constants. * Add and use ObjectUtils.requireNonEmpty(). * Correct implementation of RandomUtils.nextLong(long, long). * Restore handling of collections for non-JSON ToStringStyle. * ContextedException Javadoc add missing semicolon. * Resolve JUnit pioneer transitive dependencies using JUnit BOM. * NumberUtilsTest - incorrect types in min/max tests. * Improve StringUtils.stripAccents conversion of remaining accents. * StringUtils.countMatches - clarify Javadoc. * Remove redundant argument from substring call. * BigDecimal is created when you pass it the min and max values. * TypeUtils.isAssignable returns wrong result for GenericArrayType and ParameterizedType. * testGetAllFields and testGetFieldsWithAnnotation sometimes fail. * TypeUtils. containsTypeVariables does not support GenericArrayType. * Refine StringUtils.lastIndexOfIgnoreCase. * Refine StringUtils.abbreviate. * Refine StringUtils.isNumericSpace. * Refine StringUtils.deleteWhitespace. * MethodUtils.invokeMethod NullPointerException in case of null in args list. * Fix 2 digit week year formatting. * Add and use ThreadUtils.sleep(Duration). * Add and use ThreadUtils.join(Thread, Duration). * Add ObjectUtils.wait(Duration). * ArrayUtils.toPrimitive(Object) does not support boolean and other types. * Processor.java: check enum equality with == instead of .equals() method. * Use own validator ObjectUtils.anyNull to check null String input. * Add ArrayUtils.isSameLength() to compare more array types. * Added the Locks class as a convenient possibility to deal with locked objects. * Add to Functions: FailableBooleanSupplier, FailableIntSupplier, FailableLongSupplier, FailableDoubleSupplier... * Add ArrayUtils.get(T[], index, T) to provide an out-of-bounds default value. * Add JavaVersion enum constants for Java 14, 15 and 16. * Use Java 8 lambdas and Map operations. * Change removeLastFieldSeparator to use endsWith. * Change a Pattern to a static final field, for not letting it compile each time the function invoked. * Add ImmutablePair factory methods left() and right(). * Add ObjectUtils.toString(Object, Supplier<String>). * Add org.apache.commons.lang3.StringUtils.substringAfter(String, int). * Add org.apache.commons.lang3.StringUtils.substringAfterLast(String, int). * Use StandardCharsets.UTF_8. * Use Collections.singletonList insteadof Arrays.asList when there be only one element. * Change array style from `int a[]` to `int[] a`. * Change from addAll to constructors for some List. * Simplify if as some conditions are covered by others. * Fixed Javadocs for setTestRecursive(). * ToStringBuilder.reflectionToString - Wrong JSON format when object has a List of Enum. * Make org.apache.commons.lang3.CharSequenceUtils.toCharArray(CharSequence) public. * Update actions/cache from v2 to v2.1.4. * Update actions/checkout from v2.3.1 to v2.3.4. * Update actions/setup-java from v1.4.0 to v1.4.2. * Update biz.aQute.bndlib from 5.1.1 to 5.3.0. * Update com.puppycrawl.tools:checkstyle to 8.34. * Update commons.jacoco.version 0.8.5 to 0.8.6 (Fixes Java 15 builds). * Update commons.japicmp.version to 0.15.2. * Update jmh.version from 1.21 to 1.27. * Update junit-bom from 5.7.0 to 5.7.1. * Update junit-jupiter to 5.7.0. * Update junit-pioneer to 1.3.0. * Update maven-checkstyle-plugin to 3.1.2. * Update maven-pmd-plugin from 3.13.0 to 3.14.0. * Update maven-surefire-plugin 2.22.2 -> 3.0.0-M5. * Update org.apache.commons:commons-parent to 51. * Update org.easymock:easymock to 4.2. * Update org.hamcrest:hamcrest 2.1 -> 2.2. * Update org.junit.jupiter:junit-jupiter to 5.6.2. * Update spotbugs to 4.2.1. * Update spotbugs-maven-plugin from 4.0.0 to 4.2.0. * Add ExceptionUtils.throwableOfType(Throwable, Class) and friends. * Add EMPTY_ARRAY constants to classes in org.apache.commons.lang3.tuple. * Add null-safe StringUtils APIs to wrap String#getBytes([Charset|String]). * Add zero arg constructor for org.apache.commons.lang3.NotImplementedException. * Add ArrayUtils.addFirst() methods. * Add Range.fit(T) to fit a value into a range. * Added Functions.as*, and tests thereof, as suggested by Peter Verhas * Add getters for lhs and rhs objects in DiffResult. * Generify builder classes Diffable, DiffBuilder, and DiffResult. * Add ClassLoaderUtils with toString() implementations. * Add null-safe APIs as StringUtils.toRootLowerCase(String) and StringUtils.toRootUpperCase(String). * Add org.apache.commons.lang3.time.Calendars. * Add EnumUtils getEnum() methods with default values. * Added indexesOf methods and simplified removeAllOccurences. * Add support of lambda value evaluation for defaulting methods. * Add factory methods to Pair classes with Map.Entry input. * Add StopWatch convenience APIs to format times and create a simple instance. * Allow a StopWatch to carry an optional message. * Add ComparableUtils. * Add org.apache.commons.lang3.SystemUtils.getUserName(). * Add ObjectToStringComparator. * Add org.apache.commons.lang3.arch.Processor.Arch.getLabel(). * Add IS_JAVA_14 and IS_JAVA_15 to org.apache.commons.lang3.SystemUtils. * ObjectUtils: Get first non-null supplier value. * Added the Streams class, and Functions.stream() as an accessor thereof. * Make test more stable by wrapping assertions in hashset. * Use synchronize on a set created with Collections.synchronizedSet before iterating. * StringUtils.unwrap incorrect throw StringIndexOutOfBoundsException. * StringIndexOutOfBoundsException in StringUtils.replaceIgnoreCase. * StringUtils.removeIgnoreCase("?a", "a") throws IndexOutOfBoundsException. * StringUtils abbreviate returns String of length greater than maxWidth. * Deprecate org.apache.commons.lang3.ArrayUtils.removeAllOccurences(*) for org.apache.commons.lang3.ArrayUtils.removeAllOccurrences(*). * Requires jdk >= 1.8 * Add more SystemUtils.IS_JAVA_XX variants * Adding the Functions class * Add @FunctionalInterface to ThreadPredicate and ThreadGroupPredicate * Add isEmpty method to ObjectUtils * null-safe StringUtils.valueOf(char[]) to delegate to String.valueOf(char[]). * Add API org.apache.commons.lang3.SystemUtils.isJavaVersionAtMost(JavaVersion) * Consolidate the StringUtils equals and equalsIgnoreCase * Add OSGi manifest apache-commons-logging: - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) apache-commons-math: - Provide apache-commons-math version 3.6.1 (jsc#SLE-23217) apache-commons-net: - Update from version 3.6 to version 3.9.0 (jsc#SLE-23217) * CVE-2021-37533: FTP client trusts the host from PASV response by default (bsc#1206018) * Build with source and target levels 8 apache-commons-ognl: - Provide apache-commons-ognl version 4.0-20191021git51cf8f4. (jsc#SLE-23217) apache-commons-parent: - Update apache-commons-parent from version 47 to version 52. (jsc#SLE-23217) * For a full changelog, please visit: https://github.com/apache/commons-parent/compare/commons-parent-47...rel/commons-parent-52 apache-commons-pool2: - Provide apache-commons-pool2 2.4.2 and solve installation issues. (jsc#SLE-23217) - There are no source changes. apache-commons-text: - Provide apache-commons-text version 1.10.0 (jsc#SLE-23217) * CVE-2022-42889: code execution when processing untrusted input due to insecure interpolation defaults. (bsc#1204284) * This is a new dependency of maven-javadoc-plugin. * Build with ant in order to avoid build cycles. apache-ivy: - Upgrade from version 2.4.0 to version 2.5.1. (jsc#SLE-23217) * CVE-2022-37866: path traversal via user-supplied pattern (bsc#1205142) * CVE-2022-37865: apache-ivy: Apache Ivy allow create/overwrite any file on the system. (bsc#1205138) * Breaking: + Removed old `fr\jayasoft\ivy\ant\antlib.xml` AntLib definition file. * Force building with JDK < 14, since it imports statically a class removed in JDK14. * Change dependencies for the httpclient to httpcomponents-client instead of apache-commons-httpclient. apache-logging-parent: - Update apache-logging-parent from version 2 to version 5. (jsc#SLE-23217) * Do not require maven-local, since it can be handled by javapackages-local apache-parent: - Check upstream source signature apache-pdfbox: - Update apache-pdfbox from version 1.8.16 to version 2.0.23. (jsc#SLE-23217) * CVE-2021-27807: infinite loop while loading a crafted PDF file. (bsc#1184356) * CVE-2021-27906: OutOfMemory-Exception while loading a crafted PDF file. (bsc#1184357) * Fix build with bouncycastle 1.71 and the new bcutil artifact * Build with source/target levels 8 * Package all resources in pdfbox module * Improve document signing * Allow reuse of subsetted fonts by inverting the ToUnicode CMap * Improve performance in signature validation * Add more checks to PDFXrefStreamParser and reduce memory footprint * Use StringBuilder for key in PDDeviceN.toRGBWithTintTransform() * Don't use RGB loop in PDDeviceN.toRGBWithTintTransform() * Add source signature and keyring * Move from 1.x release line to the 2.x one. This is a ABI change * Generate the ant build system from the maven one and customize it. apache-resource-bundles: - Provide apache-resource-bundles version 2 (jsc#SLE-23217) * This package contains templates for generating necessary license files and notices for all Apache releases. * This is a build dependency of apache-sshd apache-sshd: - Provide apache-sshd version 2.7.0 as dependency of eclipse-jgit (jsc#SLE-23217) apiguardian: - Build with source and target levels 8 (jsc#SLE-23217) aqute-bnd: - Update aqute-bnd from version 3.5.0 to version 5.2.0. (jsc#SLE-23217) * ant plugin is in separate artifact. * Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require aqute-bndlib args4j: - Build with source and target levels 8 (jsc#SLE-23217) asm3: - Build with source and target levels 8 (jsc#SLE-23217) atinject: - Update atinject from version 1+20100611git1f74ea7 to version 1+20160610git1f74ea7. (jsc#SLE-23217) * Alias to the new jakarta name * Fetch the sources using a source service * Do not use the upstream build.sh, but use it to write a necessary part directly to the spec file * Build with source/target levels 8 * Fix build with javadoc 17. auto: - Update auto from version 1.3 to version 1.6.1. (jsc#SLE-23217) * Provide the auto-value-annotations artifact needed by google-errorprone * Provide auto-service-annotations and fix dependencies issues. avalon-framework: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) avalon-logkit: - Do not build against the log4j12 packages, use the new reload4j. (jsc#SLE-23217) - Do not build the org.apache.log.output.lf5 package aws-sdk-java: - Build with java source and target levels 8. (jsc#SLE-23217) - Build against the standalone JavaEE modules unconditionally - Double the maximum memory for javadoc to avoid out-of-memory on certain architectures - Force generating javadoc with maven-javadoc-plugin, since the xmvn javadoc mojo doesn't work here. axis: - Require glassfish-activation-api in order to prevent missing APIs when running the ant task. (jsc#SLE-23217) - Unify the dependency on glassfish-activation-api instead of jaf and gnu-jaf. (jsc#SLE-23217) - On systems where the JavaEE modules exist, allow building against newer versions of APIs (jsc#SLE-23217) - Alias relevant artifacts to org.apache.axis (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - Require Java >= 1.8 (jsc#SLE-23217) base64coder: - Provide base64coder 20101219 and solve installation issues. (jsc#SLE-23217) - There are no source changes. beust-jcommander: - Provide beust-jcommander 1.71 and solve installation issues. (jsc#SLE-23217) - There are no source changes. bnd-maven-plugin: - Update bnd-maven-plugin from version 3.5.2 to version 5.2.0. (jsc#SLE-23217) * Produce bytecode compatible with Java 8 * Port to OSGI 7.0.0 * Require maven-mapping bouncycastle: - Update bouncycastle from version 1.64 to version 1.71. (jsc#SLE-23217) * Relevant fixes - CVE-2020-28052: OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password. (bsc#1180215) - CVE-2020-15522: Timing issue within the EC math library. (bsc#1186328) - Blake 3 output limit is enforced. - The PKCS12 KeyStore was relying on default precedence for its key Cipher implementation so was sometimes failing if used from the keytool. The KeyStore class now makes sure it uses the correct Cipher implementation. - ASN.1: More robust handling of high tag numbers and definite-length forms. - BCJSSE: Don't log sensitive system property values (GH#976). - The IES AlgorithmParameters object has been re-written to properly support all the variations of IESParameterSpec. - PGPPublicKey.getBitStrength() now properly recognises EdDSA keys. - In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF8 characters. - An accidental partial dependency on Java 1.7 has been removed from the TLS API. - Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed. - Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed. - ESTService could fail for some valid Content-Type headers. This has been fixed. - CertificateFactory.generateCertificates()/generateCRLs() would throw an exception if extra data was found at the end of a PEM file even if valid objects had been found. Extra data is now ignored providing at least one object found. - PGP ArmoredInputStream now fails earlier on malformed headers. - Ed25519 keys being passed in via OpenSSH key spec are now validated in the KeyFactory. - Blowfish keys are now range checked on cipher construction. - The BasicConstraintsValidation class in the BC cert path validation tools has improved conformance to RFC 5280. - Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers. - TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3. - Some BigIntegers utility methods would fail for BigInteger.ZERO. This has been fixed. - PGPUtil.isKeyRing() was not detecting secret sub-keys in its input. This has been fixed. - BCJSSE: Lock against multiple writers - a possible synchronization issue has been removed. - Certificates/CRLs with short signatures could cause an exception in toString() in the BC X509 Certificate implmentation - In line with latest changes in the JVM, SignatureSpis which don't require parameters now return null on engineGetParameters() - The RSA KeyFactory now always preferentially produces RSAPrivateCrtKey where it can on requests for a KeySpec based on an RSAPrivateKey - CMSTypedStream$FullReaderStream now handles zero length reads correctly - CMS with Ed448 using a direct signature was using id-shake256-len rather than id-shake256. - Use of GCMParameterSpec could cause an AccessControlException under some circumstances. - DTLS: Fixed high-latency HelloVerifyRequest handshakes. - An encoding bug for rightEncoded() in KMAC has been fixed. - For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. - DLExternal would encode using DER encoding for tagged SETs. - ChaCha20Poly1305 could fail for large (>~2GB) files. - ChaCha20Poly1305 could fail for small updates when used via the provider. - Properties.getPropertyValue could ignore system property when other local overrides set. - The entropy gathering thread was not running in daemon mode, meaning there could be a delay in an application shutting down due to it. - A recent change in Java 11 could cause an exception with the BC Provider's implementation of PSS. - BCJSSE: TrustManager now tolerates having no trusted certificates. - BCJSSE: Choice of credentials and signing algorithm now respect the peer's signature_algorithms extension properly. * Additional Features and Functionality - Missing PGP CRC checksums can now be optionally ignored using setDetectMissingCRC() (default false) on ArmoredInputStream. - PGPSecretKey.copyWithNewPassword() now has a variant which uses USAGE_SHA1 for key protection if a PGPDigestCalculator is passed in. - PGP ASCII armored data now skips "\t", "\v", and "\f". - PKCS12 files with duplicate localKeyId attributes on certificates will now have the incorrect attributes filtered out, rather than the duplicate causing an exception. - PGPObjectFactory will now ignore packets representing unrecognised signature versions in the input stream. - The X.509 extension generator will now accumulate some duplicate X.509 extensions into a single extension where it is possible to do so. - Removed support for maxXofLen in Kangaroo digest. - Ignore marker packets in PGP Public and Secret key ring collection. - An implementation of LEA has been added to the low-level API. - Access, recovery, and direct use for PGP session keys has been added to the OpenPGP API for processing encrypted data. - A PGPCanonicalizedDataGenerator has been added which converts input into canonicalized literal data for text and UTF-8 mode. - A getUserKeyingMaterial() method has been added to the KeyAgreeRecipientInformation class. - ASN.1: Tagged objects (and parsers) now support all tag classes. Special code for ApplicationSpecific has been deprecated and re-implemented in terms of TaggedObject. - ASN.1: Improved support for nested tagging. - ASN.1: Added support for GraphicString, ObjectDescriptor, RelativeOID. - ASN.1: Added support for constructed BitString encodings, including efficient parsing for large values. - TLS: Added support for external PSK handshakes. - TLS: Check policy restrictions on key size when determining cipher suite support. - A performance issue in KeccakDigest due to left over debug code has been identified and dealt with. - BKS key stores can now be used for collecting protected keys (note: any attempt to store such a store will cause an exception). - A method for recovering user keying material has been added to KeyAgreeRecipientInformation. - Support has been added to the CMS API for SHA-3 based PLAIN-ECDSA. - The low level BcDefaultDigestProvider now supports the SHAKEfamily of algorithms and the SM3 alogirthm. - PGPKeyRingGenerator now supports creation of key-rings with direct-key identified keys. - The PQC NIST candidate, signature algorithm SPHINCS+ has been added to the low-level API. - ArmoredInputStream now explicitly checks for a '\n' if in crLF mode. - Direct support for NotationDataOccurances, Exportable,Revocable, IntendedRecipientFingerPrints, and AEAD algorithm preferences has been added to PGPSignatureSubpacketVector. - Further support has been added for keys described using S-Expressions in GPG 2.2.X. - Support for OpenPGP Session Keys from the (draft) Stateless OpenPGP CLI has been added. - Additional checks have been added for PGP marker packets in the parsing of PGP objects. - A CMSSignedData.addDigestAlgorithm() has been added to allow for adding additional digest algorithm identifiers to CMS SignedData structures when required. - Support has been added to CMS for the LMS/HSS signature algorithm. - The system property "org.bouncycastle.jsse.client.assumeOriginalHostName" (default false) has been added for dealing with SNI problems related to the host name not being propagate by the JVM. - The JcePKCSPBEOutputEncryptorBuilder now supports SCRYPT with ciphers that do not have algorithm parameters (e.g. AESKWP). - Support is now added for certificates using ETSI TS 103 097, "Intelligent Transport Systems (ITS)" in the bcpkix package. - Added support for OpenPGP regular expression signature packets. - added support for OpenPGP PolicyURI signature packets. - A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey. - The NIST PQC Finalist, Classic McEliece has been added to the low level API and the BCPQC provider. - The NIST PQC Alternate Candidate, SPHINCS+ has been added to the BCPQC provider. - The NIST PQC Alternate Candidate, FrodoKEM has been added to the low level API and the BCPQC provider. - The NIST PQC Finalist, SABER has been added to the low level API and the BCPQC provider. - KMAC128, KMAC256 has been added to the BC provider (empty customization string). - TupleHash128, TupleHash256 has been added to the BC provider (empty customization string). - ParallelHash128, ParallelHash256 has been added to the BC provider (empty customization string, block size 1024 bits). - Two new properties: "org.bouncycastle.rsa.max_size" (default 15360) and "org.bouncycastle.ec.fp_max_size" (default 1042) have been added to cap the maximum size of RSA and EC keys. - RSA modulus are now checked to be provably composite using the enhanced MR probable prime test. - Imported EC Fp basis values are now validated against the MR prime number test before use. The certainty level of the prime test can be determined by "org.bouncycastle.ec.fp_certainty" (default 100). - The BC entropy thread now has a specific name: "BC-ENTROPY-GATHERER". - Utility methods have been added for joining/merging PGP public keys and signatures. - Blake3-256 has been added to the BC provider. - DTLS: optimisation to delayed handshake hash. - Further additions to the ETSI 102 941 support in the ETSI/ITS package: certification request, signed message generation and verification now supported. - CMSSignedDataGenerator now supports the direct generation of definite-length data. - The NetscapeCertType class now has a hasUsages() method on it for querying usage settings on its bit string. - Support for additional input has been added for deterministic (EC)DSA. - The OpenPGP API provides better support for subkey generation. - BCJSSE: Added boolean system properties "org.bouncycastle.jsse.client.dh.disableDefaultSuites" and "org.bouncycastle.jsse.server.dh.disableDefaultSuites". Default "false". Set to "true" to disable inclusion of DH cipher suites in the default cipher suites for client/server respectively. - GCM-SIV has been added to the lightweight API and the provider. - Blake3 has been added to the lightweight API. - The OpenSSL PEMParser can now be extended to add specialised parsers. - Base32 encoding has now been added, the default alphabet is from RFC 4648. - The KangarooTwelve message digest has been added to the lightweight API. - An implementation of the two FPE algorithms, FF1 and FF3-1 in SP 800-38G has been added to the lightweight API and the JCE provider. - An implementation of ParallelHash has been added to the lightweight API. - An implementation of TupleHash has been added to the lightweight API. - RSA-PSS now supports the use of SHAKE128 and SHAKE256 as the mask generation function and digest. - ECDSA now supports the use of SHAKE128 and SHAKE256. - PGPPBEEncryptedData will now reset the stream if the initial checksum fails so another password can be tried. - Iterators on public and secret key ring collections in PGP now reflect the original order of the public/secret key rings they contain. - KeyAgreeRecipientInformation now has a getOriginator() method for retrieving the underlying orginator information. - PGPSignature now has a getDigestPrefix() method for people wanting exposure to the signature finger print details. - The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding: org.bouncycastle.bks.enable_v1=true to the java.security file. We would be interested in hearing from anyone that needs to do this. - PLAIN-ECDSA now supports the SHA3 digests. - Some highlevel support for RFC 4998 ERS has been added for ArchiveTimeStamp and EvidenceRecord. The new classes are in the org.bouncycastle.tsp.ers package. - ECIES has now also support SHA256, SHA384, and SHA512. - digestAlgorithms filed in CMS SignedData now includes counter signature digest algorithms where possible. - A new property "org.bouncycastle.jsse.config" has been added which can be used to configure the BCJSSE provider when it is created using the no-args constructor. - In line with changes in OpenSSL 1.1.0, OpenSSLPBEParametersGenerator can now be configured with a digest. - PGPKeyRingGenerator now includes a method for adding a subkey with a primary key binding signature. - Support for ASN.1 PRIVATE tags has been added. - Performance enhancements to Nokeon, AES, GCM, and SICBlockCipher. - Support for ecoding/decoding McElieceCCA2 keys has been added to the PQC API - BCJSSE: Added support for jdk.tls.maxCertificateChainLength system property (default is 10). - BCJSSE: Added support for jdk.tls.maxHandshakeMessageSize system property (default is 32768). - BCJSSE: Added support for jdk.tls.client.enableCAExtension (default is 'false'). - BCJSSE: Added support for jdk.tls.client.cipherSuites system property. - BCJSSE: Added support for jdk.tls.server.cipherSuites system property. - BCJSSE: Extended ALPN support via standard JSSE API to JDK 8 versions after u251/u252. - BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool). - TLS: Add TLS 1.3 support for brainpool curves per RFC 8734. - BCJSSE: Added support for system property com.sun.net.ssl.requireCloseNotify. Note that we are using a default value of 'true'. - BCJSSE: 'TLSv1.3' is now a supported protocol for both client and server. For now it is only enabled by default for the 'TLSv1.3' SSLContext, but can be explicitly enabled using 'setEnabledProtocols' on an SSLSocket or SSLEngine, or via SSLParameters. - BCJSSE: Session resumption is now also supported for servers in TLS 1.2 and earlier. For now it is disabled by default, and can be enabled by setting the boolean system property org.bouncycastle.jsse.server.enableSessionResumption to 'true'. - The provider RSA-PSS signature names that follow the JCA naming convention. - FIPS mode for the BCJSSE now enforces namedCurves for any presented certificates. - PGPSignatureSubpacketGenerator now supports editing of a pre-existing sub-packet list. - Performance improvement of Argon2 and Noekeon - A setSessionKeyObfuscation() method has been added to PublicKeyKeyEncryptionMethodGenerator to allow turning off of session key obfuscation (default is on, method primarily to get around early version GPG issues with AES-128 keys) - Implemented 'safegcd' constant-time modular inversion (as well as a variable-time variant). It has replaced Fermat inversion in all our EC code, and BigInteger.modInverse in several other places, particularly signers. This improves side-channel protection, and also gives a significant performance boost - Performance of custom binary ECC curves and Edwards Curves has been improved - BCJSSE: New boolean system property 'org.bouncycastle.jsse.keyManager.checkEKU' allows to disable ExtendedKeyUsage restrictions when selecting credentials (although the peer may still complain) - Initial support has been added for "Composite Keys and Signatures For Use In Internet PKI" using the test OID. Please note there will be further refinements to this as the draft is standardised - The BC EdDSA signature API now supports keys implementing all methods on the EdECKey and XECKey interfaces directly - Further optimization work has been done on GCM - A NewHope based processor, similar to the one for Key Agreement has been added for trying to "quantum hard" KEM algorithms - PGP clear signed signatures now support SHA-224 - Treating absent vs NULL as equivalent can now be configured by a system property. By default this is not enabled - Mode name checks in Cipher strings should now make sure an improper mode name always results in a NoSuchAlgorithmException - In line with changes in OpenSSL, the OpenSSLPBKDF now uses UTF8 encoding - The qTESLA signature algorithm has been updated to v2.8 (20191108). - BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension. - Support has been added for "ocsp.enable", "ocsp.responderURL" and PKIXRevocationChecker for users of Java 8 and later. - Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator. - BCJSSE: Now supports system property 'jsse.enableFFDHE' - BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes' and 'jdk.tls.server.SignatureSchemes'. - Multi-release support has been added for Java 11 XECKeys. - Multi-release support has been added for Java 15 EdECKeys. - The MiscPEMGenerator will now output general PrivateKeyInfo structures. - A new property "org.bouncycastle.pkcs8.v1_info_only" has been added to make the provider only produce version 1 PKCS8 PrivateKeyInfo structures. - The PKIX CertPathBuilder will now take the target certificate from the target constraints if a specific certificate is given to the selector. - BCJSSE: A range of ARIA and CAMELLIA cipher suites added to supported list. - BCJSSE: Now supports the PSS signature schemes from RFC 8446 (TLS 1.2 onwards). - Performance of the Base64 encoder has been improved. - The PGPPublicKey class will now include direct key signatures when checking for key expiry times. - LMS and HSS (RFC 8554) support has been added to the low level library and the PQC provider. - SipHash128 support has been added to the low level library and the JCE provider. - BCJSSE: BC API now supports explicitly specifying the session to resume. - BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode). - BCJSSE: Added support for extended_master_secret system properties: jdk.tls.allowLegacyMasterSecret, jdk.tls.allowLegacyResumption, jdk.tls.useExtendedMasterSecret. - BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode). - BCJSSE: KeyManager and TrustManager now check algorithm constraints for keys and certificate chains. - BCJSSE: KeyManager selection of server credentials now prefers matching SNI hostname (if any). - BCJSSE: KeyManager may now fallback to imperfect credentials (expired, SNI mismatch). - BCJSSE: Client-side OCSP stapling support (beta version: via status_request extension only, provides jdk.tls.client.enableStatusRequestExtension, and requires CertPathBuilder support). - TLS: DSA in JcaTlsCrypto now falls back to stream signing to work around NoneWithDSA limitations in default provider. * Notes - The deprecated QTESLA implementation has been removed from the BCPQC provider. - The submission update to SPHINCS+ has been added. This changes the generation of signatures - particularly deterministic ones. - While this release should maintain source code compatibility, developers making use of some parts of the ASN.1 library will find that some classes need recompiling. Apologies for the inconvenience. - There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface as a find() method that takes an ASN1ObjectIdentifier has been added to it. For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation. - A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar). - Some work has been done on moving out code that does not need to be in the provider jar. This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar. - The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions. - Add build dependencies on mvn(jakarta.activation:jakarta.activation-api) and mvn(jakarta.mail:jakarta.mail-api) - Remove unneeded script bouncycastle_getpoms.sh from sources - Build against the standalone JavaEE modules unconditionally - Build with source/target levels 8 - Add glassfish-activation-api dependency so that we can build with JDK that does not contain the JavaEE modules - Add bouncycastle_getpoms.sh to get pom files from Maven repos - Add OSGi manifests to the distributed jars so that they can be used from eclipse (default enabled protocols). bsf: - Provide bsf 2.4.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. bsh2: - Provide bsh2 2.0.0.b6 and solve installation issues. (jsc#SLE-23217) - There are no source changes. cal10n: - Update cal10n from version 0.7.7 to version 0.8.1.10. (jsc#SLE-23217) * Fetch sources using source service from ch.qos git * Upgrade to the 10th commit after 0.8.1 calling it 0.8.1.10 * Add the cal10n-ant-task to built artifacts * This release adds JSR-269 support. In other words, verification of bundles can be performed at compilation time. See the related documentation for more details. * Fix issue with Eclipse not finding existing resources. Eclipse will find bundles located under "src/main/resources" but still fail to find bundles located under "src/test/resources/". * When reading in bundles, the verify method in MessageKeyVerifier now uses the locale passed as parameter instead of always Locale.FR. * Update build.xml-0.7.7.tar.xz to build.xml-0.8.1.tar.xz with references to version 0.8.1 to build correctly versioned jar files. cbi-plugins: - Build only on architectures where eclipse is supported. (jsc#SLE-23217) - Do not build against the legacy version of guava any more. (jsc#SLE-23217) - Fix build with newer auto version by adding the auto-value-annotations artifact to the dependencies cdi-api: - Update cdi-api from version 1.2 to version 2.0.2. (jsc#SLE-23217) * Build with java source and target levels 8 * Remove dependency on glassfish-el cglib: - Update cglib from version 3.2.4 to version 3.3.0. (jsc#SLE-23217) * Remove links between artifacts and their parent since we are not building with maven * Don't inject <optional>true</optional> in cglib pom, as 3.3.0 already provides that option and it makes the POM xml incorrect. checker-qual: - Provide checker-qual version 3.22.0. (jsc#SLE-23217) * Checker Qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework. * This is a dependency of Guava classmate: - Provide classmate version 1.5.1 (jsc#SLE-23217) codemodel: - Provide codemodel version 2.6 (jsc#SLE-23217) codenarc: - Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build. - Build with source and target levels 8 (jsc#SLE-23217) concurrentlinkedhashmap-lru: - Provide concurrentlinkedhashmap-lru version 1.3.2 (jsc#SLE-23217) decentxml: - Build with source and target levels 8 (jsc#SLE-23217) dom4j: - Build against the standalone JavaEE modules unconditionally. (jsc#SLE-23217) - Add alias to the new artifact coordinates org.dom4j:dom4j. (jsc#SLE-23217) - Add jaxb-api dependency for relevant distribution versions so that we can build with JDKs that do not include the JavaEE modules. (jsc#SLE-23217) ecj: - Update ecj from version 4.12 to version 4.18. (jsc#SLE-23217) * the encoding needs to be set for all JDK versions * Upgrade to eclipse 4.18 ecj * Switch java14api to java15api to be compatible to JDK 15 * Switch to JDK 11 for build a JDK 8 is not supported anymore by ecj * Switch java10api to java14api to be compatible to JDK 14 eclipse: - Update eclipse from version 4.9.0 to version 4.15. (jsc#SLE-23217) * Force building with Java 11, since tycho is not knowing about any Java >= 15 * Add support for riscv64 * Allow building with objectweb-asm 9.x * Do not require Java10 APIs artifact when building with java 11 * Fix unresolved symbols when trying to load libkeystorelinuxnative.so on platforms that have it * Build only on 64-bit architectures, since 32-bit support was dropped upstream * Fix build with gcc 10 * Build against jgit, since jgit-bootstrap does not exist * The dependencies of felix-scr changed. So stop linking xpp3 and kxml and link osgi.cmpn as symlink plugins. * Filter out the *SUNWprivate_1.1* symbols from requires eclipse-ecf: - Update eclipse-ecffrom version 3.14.1 to version 3.14.8. (jsc#SLE-23217) * Build against jgit, since jgit-bootstrap does not exist * Allow building with objectweb-asm 9.x * Force building with Java 11, since tycho is not knowing about any Java >= 15 eclipse-egit: - Update eclipse-egit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217) * Needed because of change of eclipse-jgit to 5.11.0 * Force building with Java 11, since tycho is not knowing about any Java >= 15 * Build only on 64-bit architectures, since 32-bit support was dropped upstream eclipse-emf: - Update eclipse-emf from version 2.15.0~gitd1e5fdd to version 2.22.0. (jsc#SLE-23217) * Build against jgit, since jgit-bootstrap does not exist * Force building with Java 11, since tycho is not knowing about any Java >= 15 * Build only on 64-bit architectures, since 32-bit support was dropped upstream eclipse-jgit: - Update eclipse-jgit from version 5.1.3 to version 5.11.0. (jsc#SLE-23217) * Fix build against apache-sshd 2.7.0 * Restore java 8 compatibility when building with java 9+ * Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features. eclipse-license: - Update eclipse-license from version 2.0.1 to version 2.0.2. (jsc#SLE-23217) * Build only on architectures where eclipse is supported * Force building with Java 11, since tycho is not knowing about any Java >= 15 * Update the eclipse-license2 feature to 2.0.0 eclipse-swt: - Provide eclipse-swt version 4.9.0 for i586 architecture. (jsc#SLE-23217) ed25519-java: - Provide ed25519-java version 0.3.0. (jsc#SLE-23217) ee4j: - Provide ee4j veersion 1.0.7 exec-maven-plugin: - Update exec-maven-plugin from version 1.6.0 to version 3.0.0. (jsc#SLE-23217) extra166y: - Build with source and target levels 8 (jsc#SLE-23217) ezmorph: - Do not build against the log4j12 packages. (jsc#SLE-23217) - Build with source and target levels 8. (jsc#SLE-23217) felix-bundlerepository: - Provide felix-bundlerepository version 2.0.10. (jsc#SLE-23217) felix-gogo-command: - Remove forcing of maven.compiler.release, since it is not needed anymore. (jsc#SLE-23217) felix-gogo-runtime: - Rewrite the build system to ant so that is it possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217) felix-osgi-compendium: - Build with source and target levels 8 (jsc#SLE-23217) felix-osgi-foundation: - Build with source and target levels 8 (jsc#SLE-23217) felix-osgi-obr: - Provide felix-osgi-obr version 1.0.2. (jsc#SLE-23217) felix-scr: - Update felix-scr from version 2.0.14 to version 2.1.16. (jsc#SLE-23217) * Drop dependencies on kxml and xpp, use the system SAX implementation instead * Do not embed dependencies, use import-package instead felix-shell: - Rewrite the build system to ant so that is it possible to eventually avoid build cycles with maven-plugin-bundle built against felix-bundlerepository. (jsc#SLE-23217) - Build against OSGi R7 APIs felix-utils: - Update felix-utils from version 1.10.4 to version 1.11.4. (jsc#SLE-23217) * Migrate away from the old felix-osgi implementation fmpp: - Build with source and target levels 8 (jsc#SLE-23217) freemarker: - Update freemarker from version 2.3.28 to version 2.3.31. (jsc#SLE-23217) * Fix build with javacc 7.0.11 * Package the manual. Add build dependency on docbook5-xsl-stylesheets * On supported platforms, avoid building with OpenJ9, in order to prevent build cycles geronimo-specs: - Set version for the specs comming from tag 1_1_1 in order to avoid unexpanded version macros in pom files. - On supported platforms, avoid building with OpenJ9, in order to prevent build cycles. glassfish-activation: - Provide glassfish-activation version 1.2.0. (jsc#SLE-23217) glassfish-annotation-api: - Build with source and target levels 8 (jsc#SLE-23217) glassfish-dtd-parser: - Provide glassfish-dtd-parser version 1.4 (jsc#SLE-23217) glassfish-fastinfoset: - Provide glassfish-fastinfoset version 1.2.15. (jsc#SLE-23217) glassfish-jaxb-api: - Provide glassfish-activation version 2.4.0. (jsc#SLE-23217) glassfish-jaxb: - Provide glassfish-jaxb version 2.3.1. (jsc#SLE-23217) glassfish-jax-rs-api: - Change the tarball location, since the old location does not work anymore glassfish-jsp: - Build with source and target levels 8 (jsc#SLE-23217) glassfish-servlet-api: - Provide glassfish-servlet-api 3.1.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. glassfish-transaction-api: - Build with target source and target levels 8. (jsc#SLE-23217) - Specify specMode=javaee to be able to use newer spec-version-maven-plugin. gmavenplus-plugin: - Update gmavenplus-plugin from version 1.5 to version 1.13.1. (jsc#SLE-23217) * Relevant fixes: + Using bindAllProjectProperties and bindSessionUserOverrideProperties together can cause an NPE. + Certain AST transformations had classloader issues because 1.12.0 was no longer setting the context classloader. + The classloader project dependencies are loaded onto is reused between modules, so each module was a superset of all modules that preceded it. Also, the console, execute, and shell mojos didn't pass the classloader to use into the instantiated GroovyConsole/GroovyShell, so it accidentally was using the plugin classloader, even when configured to use PROJECT_ONLY classpath. Potentially breaking changes: This should be a non-breaking change (except for unusual situations that were relying on the previous incorrect behavior). However, since it's a significant change, there's a version bump for highlighitng the potential issue. + Disable system exits by default, to avoid potential thread safety issues. * Potentially breaking changes: changes the default of not allowing System.exits to allowing them. * Enhancements: + Add support for targetting Java 10, 11, 13, 14, 15, 17, 18. + Update Ant from 1.10.8 to 1.10.11. + Update Jansi to 2.x. + Change JDK compatibility check to also account for Java 16. + Some tweaks for Groovy 4 (most notably, invokedynamic is enabled by default for Groovy 4 and cannot be disabled). + New parameter (attachGroovyDocAnnotation) to enable attaching GroovyDoc annotation. + New parameter (parallelParsing) to enable parallel parsing (enabled by default with Groovy 4). + Remove previewFeatures parameter from stub generation goals, since it's not used there. + Ability to override classes used to generate GroovyDoc (#91) + Ability to override GStringTemplates used for GroovyDoc (#105) + Ability to bind overridden properties (by binding project properties and/or session user properties) (#72) + Ability to load a script when launching GroovyConsole (#165) + Change default GroovyDoc jar artifact type to javadoc, so its extension gets set to "jar" by the artifact handler instead of "groovydoc" by the default handler logic which uses the type for the extension in the case of unknown types (#151). + Add skipBytecodeCheck property and parameter, so if a Java version comes out the plugin doesn't recognize, you can use it without having to wait for an update. + Use groovy.ant.AntBuilder instead of groovy.util.AntBuilder (if available). + Support Java preview features (#125) + New goals to create GroovyDoc jars (#124) + Use the new "groovy.console.ui.Console" package, if available, fall back to "groovy.ui.Console" + [36] - Allow script files to be executed as filenames as well as URLs (see Significant changes of note for an example) + [41] - Verify Groovy version supports target bytecode (See Potentially breaking changes for a description) + [46] - Remove scriptExtensions config option + [31/58] - Goals not consistantly named / IntelliJ improperly adding stub directories to sources + [61] - You can now skip Groovydoc generation with new skipGroovyDoc property (Thanks rvenutolo!) + [45] - GROOVY-7423 (JEP 118) Support (requires Groovy 2.5.0-alpha-1 or newer and enabled with new parameters boolean property) * Potentially breaking changes: + 46 will break your build if you are using scriptExtensions. But the fix is simple, just the delete the configuration option and GMavenPlus will automatically do the right thing. + 41 will break your build if you were passing an invalid target bytecode. GMavenPlus will no longer allow Groovy to silently default to 1.4 or 1.5. It will verify that the bytecode is supported by your Groovy version (that is, the option exists in org.codehaus.groovy.control.CompilerConfiguration), and fail if it isn't. + 58 will require renaming goals testGenerateStubs to generateTestStubs and testCompile to compileTests. IntelliJ has hard-coded the goal names in their plugin, and these names will make IntelliJ work with both GMaven and GMavenPlus. + In order to support using the latest Maven plugins (and to make GMavenPlus easier to maintain), GMavenPlus now requires Java 6 or newer and Maven 3.0.1 or newer (previously was Java 5 or newer and Maven 2.2.1 or newer). + testStubsOutputDirectory and stubsOutputDirectory inadvertently got renamed to outputDirectory, which conflicts with the configuration in the compile and compileTests goals. You may need to setup separate executions with separate configurations for each if you need to set that configuration option. + The Jansi upgrade should generally be compatible, but could cause issues with scripts that were using Jansi 1.x specific classes. + If you were using the previewFeatures parameter without also including a compilation goal that would make that config valid, the build will fail because it's no longer a valid parameter. The fix would be to move that configuration to the appropriate execution(s). + GroovyDoc jars and test GroovyDoc jars will now be of type "javadoc" and have extension "jar". Rather than type and extension "groovydoc". If you do not wish to transition to this new behavior, set the new artifactType or testArtifactType property to "groovydoc" to revert to the previous behavior. Notes: while the artifact type of GroovyDoc jars has changed, the Maven classifier has not. It remains "groovydoc", and you can still override that, just as before. + maven.groovydoc.skip property was renamed to skipGroovydoc so it matches the pattern of the other properties and won't seem to imply it's a property for a standard Maven plugin. + Using groovy.ant.AntBuilder instead of groovy.util.AntBuilder (when available on classpath). + Bundling Ant 1.10.7 instead of 1.10.5. + Bundling Ivy 2.5.0 instead of 2.4.0. + If you were using useSharedClasspath before, you will need to replace it with new values. Please, check the docuemntation for the full details. + Another notable difference is that when using this new configuration parameter in compile, compileTests, generateStubs, or generateTestStubs goals, now also uses the configurator to add the project dependencies to the classpath with the plugin's dependencies. Previously, this only happened in the goals other than the ones mentioned. + corrects an inadvertent breaking change made in 1.6.0 Please, check the documentation the full list of changes. + In addition, unused parameters have been removed: * addSources * -> skipTests * -> testSources * addStubSources * -> skipTests * -> sources * -> testSources * addTestSources * -> outputDirectory * -> skipTests * -> sources * addTestStubSources * -> sources * -> testSources * compile * -> skipTests * -> testSources * compileTests * -> sources * console * -> skipTests * execute * -> skipTests * generateStubs * -> skipTests * -> testSources * generateTestStubs * -> sources * groovydoc * -> skipTests * -> testSources * -> testGroovyDocOutputDirectory * groovydocTests * -> skipTests * -> sources * removeStubs * -> skipTests * -> sources * -> testSources * removeTestStubs * -> sources * -> testSources * shell * -> skipTests + Lastly, addTestStubSources and removeTestStubs now respect the skipTests flag, for consistency. * Notes: + Now officially requires Java 7 instead of 6. This is not a breaking change, however, since this was actually already required because of plexus-classworlds. This just wasn't discovered until an enforcer rule was added to check bytecode versions of dependencies. gmetrics: - Do not generate test stubs by gmavenplus-plugin, since we are not building or running tests during build. (jsc#SLE-23217) google-errorprone-annotations: - Provide google-errorprone-annotations 2.11.0. (jsc#SLE-23217) * This is a new dependency of Guava google-gson: - Update google-gson to version 2.8.9. (jsc#SLE-24261) * Make OSGi bundle's dependency on sun.misc optional. * Deprecate Gson.excluder() exposing internal Excluder class. * Prevent Java deserialization of internal classes. * Improve number strategy implementation. * Fix LongSerializationPolicy null handling being inconsistent with Gson. * Support arbitrary Number implementation for Object and Number deserialization. * Bump proguard-maven-plugin from 2.4.0 to 2.5.1. * Fix RuntimeTypeAdapterFactory depending on internal Streams class. * Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built with release 8 and still compatible with Java 8 google-guice: - Avoid using xmvn-resolve and xmvn-install in order to avoid build cycles with new dependencies in dependent packages - Build only the NO_AOP version of the guice.jar and alias accordingly so that it provides both (jsc#SLE-23217) - Build with source/target 8 so that the default override from the interface can be used - Build javadoc with source level 8 - Do not build against the compatibility guava20 (jsc#SLE-23217) google-http-java-client: - Build with source and target levels 8 (jsc#SLE-23217) google-oauth-java-client: - Build with source and target levels 8 (jsc#SLE-23217) gpars: - Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217) - Build against the org.jboss.netty:netty artifact, since the compat versions are not existing any more - Build with source and target levels 8 gradle-bootstrap: - Update gradle-bootstrap from version 2.4.16 to version 2.4.21. (jsc#SLE-23217) * Regenerate to account for changes in gradle and groovy packages * Modify the launcher so that gradle-bootstrap can work with Java 17 * Adapt to the change in jline/jansi dependencies of gradle * The org.jboss.netty:netty artifact does not exist any more under compatibility versions * Regenerate to account for maven-resolver upgrade to 1.7.3 and the new added maven-resolver-named-locks artifact * Regenerate to account for aqute-bnd upgrade to 5.1.1 and related changes in other libraries * Regenerate to account for guava upgrade to 30.1.1 * Regenerate to account for groovy upgrade to 2.4.21 gradle: - Allow actually build gradle using Java 16+ - Modify the launcher so that gradle can work with Java 17 - Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217) - Build against jansi 2.x - Remove the jansi-native and hawtjni-runtime dependencies, since jansi 2.x does not depend on them - Fix build with maven-resolver 1.7.x - Remove from build dependencies some artifacts that are not needed - Add osgi-compendium to the dependencies, since newer qute-bnd uses it - Do not build against the legacy guava20 package any more - Port gradle 4.4.1 to guava 30.1.1 - Set source level to 1.8, since guava 30 uses default functions in interfaces, which is Java 8+ feature groovy: - Solve illegal reflective access with Java 16+ - Do not force building with java <= 15, since we now can run gradle-bootstrap with Java 17 too. (jsc#SLE-23217) - Add the content of org.gradle.jvmargs to to the forked jvm in root compileJava task - Fixes build with Java 17 - Port to build against jansi 2.4.0 - Build the whole with java source and target levels 8 - Resolve parameter ambiguities with recent Java versions - Remove a bogus dependency on old asm3 groovy18: - Fix build against jansi 2.4.0 - Port to use jline 2.x instead of 1.x - Do not fork the groovyc and java tasks in the ant build.xml file, so that the ANT_OPTS are propagated to the tasks - Fix build with jdk17 - Build with source and target levels 8. (jsc#SLE-23217) - Cast to Collection to help compiler to resolve ambiguities with new JDKs - Remove dependency on the old asm3 guava20: - Build with java source and target levels 8. (jsc#SLE-23217) - Add bundle manifest to the guava jar so that it might be usable from eclipse guava: - Update Guava from version 25.0 to version 30.1.1. (jsc#SLE-23217) * CVE-2020-8908: A temp directory creation vulnerability allows an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). (bsc#1179926) * Remove parent reference from ALL distributed pom files hamcrest: - Build with source/target levels 8 - Fix build with jdk17 hawtjni-maven-plugin: - Update hawtjni-maven-pluginfrom version 1.17 to version 1.18. (jsc#SLE-23217) * Build with java source and target levels 8 * Use commons-lang3 instead of the old commons-lang hawtjni-runtime: - Update hawtjni-runtime from version 1.17 to version 1.18. (jsc#SLE-23217) * Build with java source and target levels 8 * Use commons-lang3 instead of the old commons-lang * Use in the path of hawtjni-generator the asm-all.jar that is not modular. This solves some problems with ASM version mismatch. http-builder: - Build with source and target levels 8. (jsc#SLE-23217) - Do not require gmavenplus-plugin, since it is only necessary to generate test stubs, but we do not run tests during build httpcomponents-client: - Update httpcomponents-client from version 4.5.6 to version 4.5.12. (jsc#SLE-23217) * Build with source/target levels 8 httpcomponents-core: - Update httpcomponents-core from version 4.4.10 to version 4.4.13. (jsc#SLE-23217) * Build with source/target levels 8 icu4j: - Update icu4j from version 63.1 to version 71.1. (jsc#SLE-23217) * Remove build-dependency on java-javadoc, since it is not necessary with this version. * Updates to CLDR 41 locale data with various additions and corrections. * Adds phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * Adds support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as "Hinglish". * ICU 71 and CLDR 41 are minor releases, mostly focused on bug fixes and small enhancements. * Updates to the time zone data version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. * Unicode 13 (ICU-20893, same as in ICU 66) * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style and type * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches, and other tweaks to the code and data isorelax: - Build with java target and source version 1.8 (jsc#SLE-23217) istack-commons: - Provide istack-commons version 3.0.7 (jsc#SLE-23217) j2objc-annotations: - Provide j2objc-annotations version 2.2 (jsc#SLE-23217) * This is a new dependency of Guava jackson-modules-base: - Provide jackson-modules-base version 2.13.3 (jsc#SLE-23217) jackson-parent: - Update jackson-parent from version 2.10 to version 2.13. (jsc#SLE-23217) * Add 'mvnw' wrapper * 'JsonSubType.Type' should accept array of names * Jackson version alignment with Gradle 6 * Add '@JsonIncludeProperties' * Add '@JsonTypeInfo(use=DEDUCTION)' * Ability to use '@JsonAnyGetter' on fields * Add '@JsonKey' annotation * Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping * Add 'namespace' property for '@JsonProperty' (for XML module) * Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue' (was missing for some reason) * 'JsonPattern.Value.pattern' retained as "", never (accidentally) exposed as 'null' * Remove `jackson-annotations` baseline dependency, version * Upgrade to oss-parent 43 (jacoco, javadoc plugin versions) * Remove managed junit version (due to [jackson-bom#43]), promoted higher up on parent pom stack (to "jackson-base") * JDK baseline now JDK 8 jackson: - Remove all dependencies on asm3 - Build with java source and target levels 1.8 (jsc#SLE-23217) - Do not hardcode source and target levels, so that they can be overriden on command-line - Set classpath correctly so that the project builds with standalone JavaEE modules too jakarta-activation: - Provide jakarta-activation version 2.1.0. (jsc#SLE-23217) * Required by bouncycastle-jmail. jakarta-commons-discovery: - Distribute commons-discovery as maven artifact - Build with source and target levels 8 - Added build support for Enterprise Linux. jakarta-commons-modeler: - Update jakarta-commons-modeler from version 2.0 to version 2.0.1. (jsc#SLE-23217) * Build with java source and target levels 8 * Modeler 2.0.1 is binary and source compatible with Modeler 2.0 jakarta-mail: - Provide jakarta-mail version 2.1.0. (jsc#SLE-23217) * Requrired by bouncycastle-jmail. jakarta-taglibs-standard: - Provide jakarta-taglibs-standard 1.1.1 and solve installation issues. (jsc#SLE-23217) - There are no source changes. jandex: - Provide jandex version 2.4.2. (jsc#SLE-23217) janino: - Update janino from version 2.7.8 to version 3.1.6. (jsc#SLE-23217) * Build with source and target levels 8 * Require javapackages-tools * Provide commons-compiler subpackage that is needed by gradle jansi-native: - Build with source and target levels 8 (jsc#SLE-23217) jansi: - Update jansi from version 1.17.1 to version 2.4.0. (jsc#SLE-23217) * Build with source and target levels 8 * Give a possibility to load the native libjansi.so from system * Make the jansi package archful since it installs a native library and jni jar * Do not depend on jansi-native and hawtjni-runtime * Integrates jansi-native libraries jarjar: - Filter out the distributionManagement section from pom files, since we use aliases and not relocations - Drop maven2-plugin. (jsc#SLE-23217) jatl: - Build with source and target levels 8 (jsc#SLE-23217) javacc-maven-plugin: - Build with source and target levels 8 (jsc#SLE-23217) javacc: - Update javacc from version 7.0.4 to version 7.0.11. (jsc#SLE-23217) * The following changes are not upward compatible with the previous 7.0.5 version but have a very little impact on existing grammars. Main advantage is to prepare a more smooth upgrade with the upcoming javacc-8.0.0 major release. * C++ generation: renaming the option TOKEN_EXTENDS by TOKEN_SUPER_CLASS * C++ generation: renaming the option TOKEN_INCLUDES by TOKEN_INCLUDE * C++ generation: renaming the option PARSER_INCLUDES by PARSER_INCLUDE * C++ generation: renaming the option TOKEN_MANAGER_INCLUDES by TOKEN_MANAGER_INCLUDE * Add support for Java7 language features. * Allow empty type parameters in Java code of grammar files. * LookaheadSuccess creation performance improved. * Removing IDE specific files. * Declare trace_indent only if debug parser is enabled. * CPPParser.jj grammar added to grammars. * Build with Maven is working again. * WARNING: Required Java Platform: Standard Edition 7.0: known under Eclipse as JavaSE-1.7 * Build with source/target levels 8 java-cup: - Update java-cup from version 11a to version 11b. (jsc#SLE-23217) * Regenerate the generated files with newer flex * Fetch sources using source service java-cup-bootstrap: - Update java-cup-bootstrap from version 11a to version 11b. (jsc#SLE-23217) * Regenerate the generated files with newer flex * Fetch sources using source service javaewah: - Build with source and target levels 8 (jsc#SLE-23217) javamail: - Add alias to com.sun.mail:jakarta.mail needed by ant-javamail - Remove all parents, since this package is not built with maven - Assure that every dependency has a version, or at least "any" and fixes use with gradle. (jsc#SLE-23217) - Build against the standalone JavaEE modules unconditionally - Build with source/target levels 8 - Add glassfish-activation-api dependency for relevant distribution versions to make buildable with JDK that does not contain the JavaEE modules javapackages-meta: - Fix requires not to have to redo the package on each javapackages-tools update. (jsc#SLE-23217) javapackages-tools: - Update javapackages-tools from version 5.3.0 to version 5.3.1. (jsc#SLE-23217) * Let maven_depmap.py generate metadata with dependencies under certain circumstances * Fix the python subpackage generation with python-rpm-macro * Support python subpackages for each flavor * Replace old nose with pytest gh#fedora-java/javapackages#86 * when building extra flavor, BuildRequire javapackages-filesystem: /etc/java is being cleaned out of the filesystems package. javaparser: - Update javaparser from version 3.3.5 to version 3.24.2. (jsc#SLE-23217) * Upgrade needed to be able to upgrade jctools and make them not depend hard on Java 8. For the full changelog, please refer to the official documentation. javassist: - Update javassist from version 3.23.1 to version 3.29.0. (jsc#SLE-23217) * Requires java >= 1.8 * Add OSGi manifest to the javassist.jar * For the full changelog, please check the official documentation. jboss-interceptors-1.2-api: - Build with source and target levels 8 (jsc#SLE-23217) jboss-websocket-1.0-api: - Build with source and target levels 8 (jsc#SLE-23217) jcache: - Provide jcache version 1.1.0 (jsc#SLE-23217) jcifs: - Build with source and target levels 8 (jsc#SLE-23217) jcip-annotations: - Provide jcip-annotations 1.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. jcsp: - Build with source and target levels 8 (jsc#SLE-23217) jctools: - Update jctools from version 2.1.2 to version 3.3.0. (jsc#SLE-23217) * Build with java source and target levels 8 * API Changes: * Removed MpscLinkedQueue7 and MpscLinkedQueue8 and consolidated into parent. This removes the need for the builder method on MpscLinkedQueue. * Deprecated QueueFactory and spec package classes. These are not used by any users and are only used for testing internally. * Removed some internal classes and reduced visibility of internal utilities where practical. The @InternalAPI tagging annotation is also used more extensively to discourage dependency. * XADD unbounded mpsc/mpmc queue: highly scalable linked array queues * New blocking consumer MPSC * Enhancements: * Xadd queues consumers can help producers * Update to latest JCStress * New features: * MpscBlockingConsumerArrayQueue * After long incubation and following a user request we move counters into core * Merging some experimental utils and we add a 'PaddedAtomicLong' * MpscBlockingConsumerArrayQueue::offerIfBelowThreshold is added jdependency: - Build with source and target levels 8 (jsc#SLE-23217) jdepend: - Update jdepend from version 2.9.1 to version 2.10. (jsc#SLE-23217) * Specify the source/target levels 8 on ant invocation * Official release that includes support for Java 8 constants * Updated license from BSD-3 Clause to MIT (as per LICENSE.md file). jdom: - Update jdom from version 1.1.1 to version 1.1.6. (jsc#SLE-23217) * CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446) * Remove unneeded dependency on glassfish-jaxb-api * Build against the standalone JavaEE modules unconditionally * Build with source/target levels 8 * Build against standalone jaxb-api on distributions that have JDK without the JavaEE modules * Alias the xom artifact to the new com.io7m.xom groupId * Update jaxen to version 1.1.6 * Increase java stack size to avoid overflow jdom2: - Update jdom2 from version 2.0.6 to version 2.0.6.1. (jsc#SLE-23217) * CVE-2021-33813: Fixed XXE issue in SAXBuilder that can cause a denial of service via a crafted HTTP request. (bsc#1187446) * Build with java-devel >= 1.7 jettison: - Update from version 1.3.7 to version 1.5.3 (jsc#SLE-23217) - CVE-2022-45685: Fixed stack overflow on malformed input. (bsc#1206400) - CVE-2022-45693: Fixed stack overflow when creating a JSON from a HashMap. (bsc#1206401) - CVE-2022-40149: Fixed stack overflow on malformed JSONs. (bsc#1203515) - CVE-2022-40150: Fixed infinite loop on non-terminated comments. (bsc#1203516) - Introducing new static methods to set the recursion depth limit - Incorrect recursion depth check in JSONTokener - Build with source and target levels 8 jetty-minimal: - Update jetty-minimal from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217) * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317) * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316) * Make importing of package sun.misc optional since not all jdk versions export it * Build with java source and target levels 8 * Fix javadoc generation on JDK >= 13 * Option --write-module-graph produces wrong .dot file * ArrayTrie getBest fails to match the empty string entry in certain cases * For the full set of changes, please check the official documentation. jetty-websocket: - Update jetty-websocket from version 9.4.43.v20210629 to version 9.4.48.v20220622 (jsc#SLE-23217) * CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority. (bsc#1201317) * CVE-2022-2048: Invalid HTTP/2 requests can lead to denial of service (bsc#1201316) * Make importing of package sun.misc optional since not all jdk versions export it * Build with java source and target levels 8 * Fix javadoc generation on JDK >= 13 * Option --write-module-graph produces wrong .dot file * Make importing of package sun.misc optional since not all jdk versions export it jeuclid: - Update jeuclid from version 3.1.3 to version 3.1.9. (jsc#SLE-23217) * Build with source and target levels 8 * This version includes several changes and improvements. For the full overview please check the changelog. jflex: - Update jflex from version 1.4.3 to version 1.8.2. (jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules * Fix build with recent java-cup * Build the bootstrap package using ant with a generated build.xml * Build the non-bootstrap package using maven, since its dependency auto is already built with maven * Do not process auto-value-annotations in bootstrap build jflex-bootstrap: - Update jflex-bootstrap from version 1.4.3 to version 1.8.2. (jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Build against standalone glassfish-annotation-api for relevant distribution versions that have JDK that does not contain the JavaEE modules * Fix build with recent java-cup * Build the bootstrap package using ant with a generated build.xml * Build the non-bootstrap package using maven, since its dependency auto is already built with maven * Do not process auto-value-annotations in bootstrap build jformatstring: - Build with source and target levels 8 (jsc#SLE-23217) jgit: - Provide jgit version 5.11.0. (jsc#SLE-23217) * Fix build against apache-sshd 2.7.0 * Restore java 8 compatibility when building with java 9+ * Split the build into two spec files instead of multibuild. One produces the maven artifacts, the jgit command-line and the other produces eclipse features. jhighlight: - Build with source and target levels 8 (jsc#SLE-23217) jing-trang: - Update jing-trang from version 20151127 to version 20181222. (jsc#SLE-23217) * Avoid building old saxon validator in order to avoid dependency on old saxon6 * Do not use xmvn-tools, since this is a ring package * Package maven metadata * Use testng in build process * Require com.github.relaxng:relaxngDatatype >= 2011.1 * Require xml-resolver:xml-resolver jline: - Build with source and target levels 8 (jsc#SLE-23217) - Remove dependency on jansi-native and hawtjni-runtime - Fix jline build against jansi 2.4.x jline1: - Build with source and target levels 8 (jsc#SLE-23217) jna: - Update jna from version 5.4.0 to version 5.5.0. (jsc#SLE-23217) * Build with java source/target levels 8 * Features: * Add CoreFoundation, IOKit, and DiskArbitration mappings in c.s.j.p.mac. * c.s.j.p.mac.SystemB now extends c.s.j.p.unix.LibCAPI. * Add additional OSGi headers for the JNA bundle to support 32bit ARM (hardfloat) * Include Win32 COM utils (c.s.j.p.win32.com.util and c.s.j.p.win32.com.annotation) in OSGI bundle joda-convert: - Build with java source and target levels 8. (jsc#SLE-23217) - Do not use the legacy guava20 any more joda-time: - Build with source and target levels 8 (jsc#SLE-23217) jsch-agent-proxy: - Build with source and target levels 8 (jsc#SLE-23217) jsch: - Build with source and target levels 8 (jsc#SLE-23217) json-lib: - Do not build against the log4j12 packages - Build with source and target levels 8 (jsc#SLE-23217) - Do not depend on the old asm3 - Fix build with jdk17 - Specify source and target levels 8 for maven-antrun-plugin and for groovyc ant task jsonp: - Build with java source and target levels 8. (jsc#SLE-23217) - Build against standalone annotation api jsr-311: - Build with source and target levels 8 (jsc#SLE-23217) jtidy: - Build with java source and target levels 8. (jsc#SLE-23217) - Rewamp and simplify the build system junit: - Update junit from version 4.12 to version 4.13.2. (jsc#SLE-23217) * CVE-2020-1945: insecure temporary file vulnerability (bsc#1171696) * Build with source/target levels 8 junit5: - Update from version 5.5.2 to version 5.8.2. (jsc#SLE-23217) * This is a bugfix update. For the complete overview please check the documentation. jython: - Change dependencies to Python 3. (jsc#SLE-23217) - Build with java source and tartget level 1.8 jzlib: - Build with source and target levels 8 (jsc#SLE-23217) kryo: - Provide kryo 4.0.2 and solve installation issues. (jsc#SLE-23217) - There are no source changes. kxml: - Fetch the sources using https instead of http protocol. (bsc#1182284) - Specify java source and target levels 1.8 libreadline-java: - Provide libreadline-java 0.8.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. log4j: - Add dependency on standalone javax.activation-api that is not included in newer JDKs. (jsc#SLE-23217) logback: - Update logback from version 1.2.8 to version 1.2.11. (jsc#SLE-23217) * CVE-2021-42550: remote code execution through JNDI call from within its configuration file. (bsc#1193795) * Hardened logback's JNDI lookup mechanism to only honor requests in the java: namespace. All other types of requests are ignored. * SMTPAppender was hardened. * Temporarily removed DB support for security reasons. * Removed Groovy configuration support. As logging is so pervasive and configuration with Groovy is probably too powerful, this feature is unlikely to be reinstated for security reasons. * Set project.build.sourceEncoding property to ISO-8859-1 to avoid the new maven-resources-plugin chocking on trying to filter in UTF-8 encoding JKS (binary) resources * Do not build against the log4j12 packages lucene: - Update lucene from version 7.1.0 to version 8.5.0. (jsc#SLE-23217) * Do not abort compilation on html5 errors with javadoc 17 * Upgrade forbiddenapis to version 2.7; upgrade Groovy to 2.4.17. * Upgrade ecj to 3.19.0 to fix sporadic precommit javadoc issues * This update includes several API changes, runtime behavior, bugfixes and new features. For a full overview, please check the official documentation. maven: - Update maven from version 3.6.3 to version 3.8.5. (jsc#SLE-23217) * CVE-2021-26291: block repositories using http by default. (bsc#1188529) * CVE-2020-13956: incorrect handling of malformed URI authority component. (bsc#1177488) * Upgrade Maven Wagon to 3.5.1 * Upgrade Maven JAR Plugin to 3.2.2 * Upgrade Maven Parent to 35 * Upgrade Maven Resolver to 1.6.3 * Upgrade Maven Shared Utils to 3.3.4 * Upgrade Plexus Utils to 3.3.0 * Upgrade Plexus Interpolation to 1.26 * Upgrade Plexus Cipher and Sec Dispatcher to 2.0 * Upgrade Sisu Inject/Plexus to 0.3.5 * Upgrade SLF4J to 1.7.32 * Upgrade Jansi to 2.4.0 * Upgrade Guice to 4.2.2 * Fix syntax error with qdox 2.0.1 and method declarations containing the new keyword "record" as name of variables * Fix build with modello-2.0.0 * Remove using of alternatives, since the symlinks are in a separate package that one can decide not to install and this is the only provider for mvn and mvnDebug links * Use libalternatives instead of update-alternatives. * Remove dependency on cglib and aopalliance, since the no_aop version of guice does not really depend on them * Fix build with the API incompatible maven-resolver 1.7.3 * Link the new maven-resolver-named-locks artifact too * Add upstream signing key and verify source signature * Do not build against the compatibility version guava20 any more, but use the default guava package * This update includes several bugfixes and new features. For a full overview, please check the official documentation. maven2: - Fix build with modello 2.0.0. (jsc#SLE-23217) - Build with source and target levels 8 maven-antrun-plugin: - Update maven-antrun-plugin from version 1.8 to version 3.0.0. (jsc#SLE-23217) * Removal of tasks (use target instead), sourceRoot and testSourceRoot parameters * Compatibility with new JDK versions * Build with java source and target levels 8 maven-archiver: - Build with source and target levels 8 (jsc#SLE-23217) maven-artifact-resolver: - Build with source and target levels 8 (jsc#SLE-23217) maven-artifact-transfer: - Update maven-artifact-transfer from version 0.11.0 to version 0.13.1. (jsc#SLE-23217) * Remove the old org.sonatype.aether dependencies, since we don't need maven 3.0.x * Build with source and target levels 8 * Do not use the legacy guava20 any more * Fix build against newer maven maven-assembly-plugin: - Update maven-assembly-plugin from version 3.2.0 to version 3.3.0. (jsc#SLE-23217) * Add Documentation for duplicateBehaviour option * Allow to override UID/GID for files stored in TAR * Apply try-with-resources * Use HTTPS instead of HTTP to resolve dependencies * Support concatenation of files maven-clean-plugin: - Build with source and target levels 8 (jsc#SLE-23217) maven-common-artifact-filters: - Build with source and target levels 8 (jsc#SLE-23217) maven-compiler-plugin: - Update maven-compiler-plugin from version 3.8.1 to version 3.10.1. (jsc#SLE-23217) * Remove deprecated mojos * Add flag to enable-preview java compiler feature * Add a boolean to generate missing package-info classes by default * Check jar files when determining if dependencies changed * Compile module descriptors with TestCompilerMojo * Changed dependency detection maven-dependency-analyzer: - Build with source and target levels 8. (jsc#SLE-23217) - Do not build against the legacy guava20 any more maven-dependency-plugin: - Update maven-dependency-plugin from version 3.1.1 to version 3.1.2. (jsc#SLE-23217) * Add a TOC to ease navigating to each goal usage * Add note on dependecy:tree -Dverbose support in 3.0+ * Perform transformation to artifact keys just once * Remove @param for a parameter which does not exists. * Remove newline and trailing space from log line. * Replace CapturingLog class with Mockito usage * Rewrite go-offline so it resembles resolve-plugins * Switch to asfMavenTlpPlgnBuild * Update ASM so it works with Java 13 * Upgrade maven-artifact-transfer to 0.11.0 * Upgrade maven-common-artifact-filters to 3.1.0 * Upgrade maven-dependency-analyzer to 1.11.1 * Upgrade maven-plugins parent to version 32 * Upgrade maven-shared-utils 3.2.1 * Upgrade parent POM from 32 to 33 * Upgrade plexus-archiver to 4.1.0 * Upgrade plexus-io to 3.1.0 * Upgrade plexus-utils to 3.3.0 * Use https for sigs, hashes and KEYS * Use sha512 checksums instead of sha1 maven-dependency-tree: - Update maven-dependency-tree from version 3.0 to version 3.0.1. (jsc#SLE-23217) * Build with java source and target levels 8 * Do not build against the legacy guava20 any more * Fixed JavaDoc issue for JDK 8 * maven-dependency-tree removes optional flag from managed dependencies * Change characters used to diplay trees to make relationships clearer * Pass source+target to m-invoker-p, easiest way to override default values of maven-compiler-plugin * Upgrade org.codehaus.plexus:plexus-component-metadata to 1.7.1 maven-doxia: - Fix build with modello 2.0.0 (jsc#SLE-23217) - Do not build against the log4j12 packages. (jsc#SLE-23217) - Fix the version of the log4j that doxia-module-fo needs at runtime. (jsc#SLE-23217) - Do not build against the legacy guava20 any more. (jsc#SLE-23217) maven-doxia-sitetools: - Fix build with modello 2.0.0 (jsc#SLE-23217) - Build with source and target levels 8 (jsc#SLE-23217) - Do not build against the legacy guava20 any more. (jsc#SLE-23217) maven-enforcer: - Build with source and target levels 8 (jsc#SLE-23217) maven-file-management: - Build with java source and target levels 8 (jsc#SLE-23217) - Fix build with modello 2.0.0 maven-filtering: - Update maven-filtering from version 3.1.1 to version 3.2.0 (jsc#SLE-23217) * Allow using a different encoding when filtering properties files * Upgrade plexus-interpolation to 1.25 * Upgrade maven-shared-utils to 3.2.1 * Upgrade plexus-utils to 3.1.0 * Upgrade parent to 32 * Upgrade maven-surefire/failsafe-plugin to 2.21.0 for JDK 10 * Upgrade maven-artifact-transfer to version 0.9.1 * Upgrade JUnit to 4.12 * Upgrade plexus-interpolation to 1.25 * Build with java source and target levels 8 * Do not build against legacy guava20 any more maven-install-plugin: - Update maven-install-plugin from version 2.5.2 to version 3.0.0. (jsc#SLE-23217) * Upgrade plexus-utils to 3.2.0 * Upgrade maven-plugins parent version 32 * Upgrade maven-plugin-testing-harness to 1.3 * Upgrade maven-shared-utils to 3.2.1 * Upgrade maven-shared-components parent to version 33 * Upgrade of commons-io to 2.5. maven-invoker: - Update maven-invoker from version 3.0.1 to version 3.1.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Fixes build with maven-shared-utils 3.3.3 * Upgrade maven-shared-utils to 3.2.1 * Upgrade parent to 31 * Upgrade to JDK 7 minimum * Refactored to use maven-shared-utils instead of plexus-utils. * Remove hardcoded versions for plexus-component-annotations/plexus-component-metadata maven-jar-plugin: - Update maven-jar-plugin from version 3.2.0 to version 3.2.2. (jsc#SLE-23217) * Upgrade Maven Archiver to 3.5.2 * Upgrade Plexus Utils to 3.3.1 * Upgrade plexus-archiver 3.7.0 * Upgrade JUnit to 4.12 * Upgrade maven-plugins parent to version 32 * Build with java source and target levels 8 * Don't log a warning when jar will be empty and creation is forced * Reproducible Builds: make entries in output jar files reproducible (order + timestamp) maven-javadoc-plugin: - Update maven-javadoc-plugin from versionn 3.1.1. to version 3.3.2. (jsc#SLE-23217) * Fix build with modello 2.0.0 * Use the same encoding when writing and getting the stale data * Fixes build with utf-8 sources on non utf-8 platforms * Do not build against the legacy guava20 package anymore maven-mapping: - Provide maven-mapping version 3.0.0. (jsc#SLE-23217) * Required by bnd-maven-plugin maven-plugin-build-helper: - Update maven-plugin-build-helper from version 1.9.1 to version 3.2.0. (jsc#SLE-23217) * Set a property based on the maven.build.timestamp * rootlocation does not correctly work * Add profile to avoid showing warnings for maven plugin plugin goals not supported in m2e * Site: Properly showing 'value' tag on regex-properties usage page * Integration test reserve-ports-with-urls fails on windows maven-plugin-bundle: - Fix building with the new maven-reporting-api . (jsc#SLE-23217) - Build with the osgi bundle repository by default maven-plugin-testing: - Fix build against newer maven. (jsc#SLE-23217) - Do not build against the legacy guava20 package any more - Build with source and target levels 8 maven-plugin-tools: - Fix build with modello 2.0.0. (jsc#SLE-23217) - Do not force building with java-1_8_0-openjdk, since the package builds just fine with higher versions. - Do not build against the legacy guava20 package any more maven-remote-resources-plugin: - Update maven-remote-resources-plugin from version 1.5 to version 1.7.0. (jsc#SLE-23217) * use reproducible project.build.outputTimestamp * use sha512 checksums instead of sha1 * use https for sigs, hashes and KEYS * Upgrade plexus-utils from 3.0.24 to 3.1.0 * Upgrade plexus-interpolation to 1.25 * Upgrade JUnit to 4.12 * Upgrade parent to 32 * Upgrade maven-filtering to 3.1.1 * Upgrade plexus-resources from 1.0-alpha-7 to 1.0.1 * Avoid overwrite of the destination file if the produced contents is the same * Remove unused dependency maven-monitor * Upgrade to maven-plugins parent version 27 * Upgrade maven-plugin-testing-harness to 1.3 * Updated plexus-archiver * Build with source and target levels 8 maven-reporting-api: - Update maven-reporting-api from version 3.0 to version 3.1.0. (jsc#SLE-23217) * Build with source and target levels 8 * make build Reproducible * Upgrade to Doxia 1.11.1 maven-resolver: - Update maven-resolver from version 1.4.1 to version 1.7.3. (jsc#SLE-23217) * Build against the standalone JavaEE modules unconditionally * Remove the javax.annotation:javax.annotation-api dependency on distribution versions that do not incorporate the JavaEE modules * Add the glassfish-annotation-api jar to the build classpath * Upgrade Sisu Components to 0.3.4 * Upgrade SLF4J to 1.7.30 * Update mockito-core to 2.28.2 * Update Wagon Provider API to 3.4.0 * Update HttpComponents * Update Plexus Components * Remove synchronization in TrackingFileManager * Move GlobalSyncContextFactory to a separate module * Migrate from maven-bundle-plugin to bnd-maven-plugin * Support SHA-256 and SHA-512 as checksums * Upgrade Redisson to 3.15.6 * Change of API and incompatible with maven-resolver < 1.7 maven-resources-plugin: - Update maven-resources-plugin from version 3.1.0 to version 3.2.0. (jsc#SLE-23217) * ISO8859-1 properties files get changed into UTF-8 when filtered * Upgrade plexus-interpolation 1.26 * Add m2e lifecycle Metadata to plugin * make build Reproducible * Upgrade maven-plugins parent to version 32 * Upgrade plexus-utils 3.3.0 * Make Maven 3.1.0 the minimum version * Update to maven-filtering 3.2.0 * Build with java source and target levels 8 maven-shared-incremental: - Build with source and target levels 8 (jsc#SLE-23217) maven-shared-io: - Build with source and target levels 8 (jsc#SLE-23217) maven-shared-utils: - Update maven-shared-utils from version 3.2.1 to 3.3.3. (jsc#SLE-23217) * Commandline class shell injection vulnerabilities (bsc#1198833, CVE-2022-29599) * Build with source and target levels 8 * make build Reproducible * Upgrade maven-shared-parent to 32 * Upgrade parent to 31 maven-source-plugin: - Build with source and target levels 8 (jsc#SLE-23217) maven-surefire: - Build with source and target levels 8 (jsc#SLE-23217) - Update generate-tarball.sh to use https URL (bsc#1182708) maven-verifier: - Build with source and target levels 8 (jsc#SLE-23217) maven-wagon: - Provide maven-wagon 3.2.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. minlog: - Provide minlog 1.3.0 and solve installation issues. (jsc#SLE-23217) - There are no source changes. modello-maven-plugin: - Update modello-maven-plugin from version 1.10.0 to version 2.0.0. (jsc#SLE-23217) * Add Modello 2.0.0 model XSD * Build with java source and target levels 8 * Bump actions/cache to 2.1.6 * Bump actions/checkout to 2.3.4 * Bump actions/setup-java to 2.3.1 * Bump checkstyle to 9.3 * Bump jackson-bom to 2.13.1 * Bump jaxb-api to 2.3.1 * Bump jsoup to 1.14.3 * Bump junit to 4.13.1 * Bump maven-assembly-plugin to 3.3.0 * Bump maven-checkstyle-plugin to 3.1.1 * Bump maven-clean-plugin to 3.1.0 * Bump maven-compiler-plugin to 3.9.0 * Bump maven-dependency-plugin to 3.2.0 * Bump maven-enforcer-plugin to 3.0.0-M3 * Bump maven-gpg-plugin to 3.0.1 * Bump maven-jar-plugin to 3.2.2 * Bump maven-javadoc-plugin to 3.3.2 * Bump maven-jxr-plugin to 3.1.1 * Bump maven-pmd-plugin to 3.15.0 * Bump maven-project-info-reports-plugin to 3.1.2 * Bump maven-release-plugin to 3.0.0-M5 * Bump maven-resources-plugin to 3.2.0 * Bump maven-scm-publish-plugin to 3.1.0 * Bump maven-shared-resources to 4 * Bump maven-site-plugin to 3.10.0 * Bump maven-surefire-plugin to 2.22.2 * Bump maven-surefire-report-plugin to 2.22.2 * Bump maven-verifier-plugin to 1.1 * Bump mavenPluginTools to 3.6.4 * Bump org.eclipse.sisu.plexus to 0.3.5 * Bump persistence-api to 1.0.2 * Bump plexus-compiler-api to 2.9.0 * Bump plexus-compiler-javac to 2.9.0 * Bump plexus-utils to 3.4.1 * Bump plexus-velocity to 1.3 * Bump release-drafter/release-drafter to 5.18.0 * Bump snakeyaml to 1.30 * Bump stax2-api to 4.2.1 * Bump taglist-maven-plugin to 3.0.0 * Bump woodstox-core to 6.2.8 * Bump xercesImpl to 2.12.1 * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-jsonschema * Bump xercesImpl to 2.12.2 in /modello-plugins/modello-plugin-xsd * Bump xml-apis to 2.0.2 * Bump xmlunit to 1.6 * Bump xmlunit-core to 2.9.0 * Depend on the jackson and jsonschema plugins too * Manage xdoc anchor name conflicts (2 classes with same anchor) * Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4 * Require Maven 3.1.1 * Security upgrade org.jsoup:jsoup to 1.14.2 modello: - Update modello from version 1.10.0 to version 2.0.0. (jsc#SLE-23217) * New features and improvements + Add Modello 2.0.0 model XSD + Manage xdoc anchor name conflicts (2 classes with same anchor) + Drop unnecessary check for identical branches + Require Maven 3.1.1 + Use a caching writer to avoid overwriting identical files + Migrate from codehaus:wstx to com.fasterxml.woodstox:woodstox-core 6.2.4 + Make location handling more memory efficient + Xpp3 extended writer + Refactor some old java APIs usage + Add a new field fileComment * Bug Fixes + Fix javaSource default value + Fix modello-plugin-snakeyaml * Dependency updates + Bump actions/cache to 2.1.6 + Bump actions/checkout from 2 to 2.3.4 + Bump actions/setup-java to 2.3.1 + Bump checkstyle to 9.3 + Bump jackson-bom to 2.13.1 + Bump jaxb-api from 2.1 to 2.3.1 + Bump jsoup from 1.14.2 to 1.14.3 + Bump junit from 4.12 to 4.13.1 + Bump junit from 4.12 to 4.13.1 in /modello-maven-plugin/src/it/maven-model + Bump maven-assembly-plugin from 3.2.0 to 3.3.0 + Bump maven-checkstyle-plugin from 2.15 to 3.1.1 + Bump maven-clean-plugin from 3.0.0 to 3.1.0 + Bump maven-compiler-plugin to 3.9.0 + Bump maven-dependency-plugin to 3.2.0 + Bump maven-enforcer-plugin from to 3.0.0-M3 + Bump maven-gpg-plugin from 1.6 to 3.0.1 + Bump maven-jar-plugin from 3.2.0 to 3.2.2 + Bump maven-javadoc-plugin to 3.3.2 + Bump maven-jxr-plugin from to 3.1.1 + Bump maven-pmd-plugin to 3.15.0 + Bump maven-project-info-reports-plugin from 3.1.1 to 3.1.2 + Bump maven-release-plugin from 3.0.0-M4 to 3.0.0-M5 + Bump maven-resources-plugin from 3.0.1 to 3.2.0 + Bump maven-scm-publish-plugin from 3.0.0 to 3.1.0 + Bump maven-shared-resources from 3 to 4 + Bump maven-site-plugin to 3.10.0 + Bump maven-surefire-plugin to 2.22.2 + Bump maven-surefire-report-plugin to 2.22.2 + Bump maven-verifier-plugin from 1.0 to 1.1 + Bump mavenPluginTools to 3.6.4 + Bump org.eclipse.sisu.plexus from 0.3.4 to 0.3.5 + Bump persistence-api from 1.0 to 1.0.2 + Bump plexus-compiler-api to 2.9.0 + Bump plexus-compiler-javac to 2.9.0 + Bump plexus-utils from 3.2.0 to 3.4.1 + Bump plexus-velocity from 1.2 to 1.3 + Bump release-drafter/release-drafter to 5.18.0 + Bump snakeyaml to 1.30 + Bump stax2-api from 4.2 to 4.2.1 + Bump taglist-maven-plugin to 3.0.0 + Bump woodstox-core to 6.2.8 + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-jsonschema + Bump xercesImpl from 2.12.1 to 2.12.2 in /modello-plugins/modello-plugin-xsd + Bump xml-apis from 1.3.04 to 2.0.2 + Bump xmlunit from 1.2 to 1.6 + Bump xmlunit-core to 2.9.0 + Security upgrade org.jsoup:jsoup from 1.13.1 to 1.14.2 - Build with java source and target levels 8 - Build the jackson and jsonschema plugins too mojo-parent: - Update mojo-parent from version 40 to version 60. (jsc#SLE-23217) msv: - Build with source and target levels 8 (jsc#SLE-23217) multiverse: - Build with source and target levels 8 (jsc#SLE-23217) mx4j: - Build against the standalone JavaEE modules unconditionally (jsc#SLE-23217) - Depend on glassfish-activation-api instead of on gnu-jaf (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - Require for build gnu-jaf instead of a virtual jaf provider in order to avoid build cycles (jsc#SLE-23217) - On supported platforms, avoid building with OpenJ9, in order to prevent build cycles (jsc#SLE-23217) mybatis-parent: - Provide mybatis-parent version 31 (jsc#SLE-23217) mybatis: - Provide mybatis version 3.5.6 (jsc#SLE-23217) * CVE-2020-26945: remote code execution due to mishandles deserialization of object streams (bsc#1177568) mysql-connector-java: - Update mysql-connector-java from version 5.1.47 to version 8.0.29. (jsc#SLE-23217) * CVE-2021-2471: mysql-connector-java: unauthorized access (bsc#1195557) * CVE-2020-2875, CVE-2020-2933, CVE-2020-2934: Vulnerability in the MySQL Connectors product of Oracle MySQL (bsc#1173600) * Historically, MySQL has used utf8 as an alias for utf8mb3. Since release 8.0.29, utf8mb3 has become a recognized (though deprecated) character set on its own for MySQL Server. Therefore, Connector/J has added utf8mb3 to its character set mapping, and users are encouraged to update to Connector/J 8.0.29 to avoid potential issues when working with MySQL Server 8.0.29 or later. * A new connection property socksProxyRemoteDns has been added, which, when set to true, makes the SocksProxySocketFactory execute its own connect() implementation that passes the unresolved InetSocketAddress of a MySQL Server host to the created proxy socket, instead of having the address resolved locally. * The code for prepared statements has been refactored to make the code simpler and the logic for binding more consistent between ServerPreparedStatement and ClientPreparedStatement. * Connector/J now supports Fast Identity Online (FIDO) Authentication. See Connecting Using Fast Identity Online (FIDO) Authentication for details. * Do not build against the log4j12 packages, use the new reload4j * This update provide several fixes and enhancements. Please, check the chenges for a full overview. nailgun: - Build with source and target levels 8 (jsc#SLE-23217) native-platform: - Build with source and target levels 8 (jsc#SLE-23217) nekohtml: - Update nekohtml from version 1.9.22 to version 1.9.22.noko2. (jsc#SLE-23217) * CVE-2022-28366: Uncontrolled Resource Consumption in nekohtml. (bsc#1198404) * CVE-2022-24839: Denial of service via crafted Processing Instruction (PI) input. (bsc#1198739) * Use the security patched fork at https://github.com/sparklemotion/nekohtml * Build with source and target levels 8 netty3: - Remove dependency on javax.activation. (jsc#SLE-23217) - Build again against mvn(log4j:log4j). (jsc#SLE-23217) - Use the standalone JavaEE modules unconditionally - Remove the compat versions, since the io.netty:netty artifact coordinates exist only in version 3.x. (jsc#SLE-23217) netty-tcnative: - Update netty-tcnative to version 2.0.36. (jsc#SLE-23217) * Upgrade to OpenSSL 1.1.1i * Update to latest openssl version for static build * Update to LibreSSL 3.1.4 * Update to latest stable libressl release * Cleanup BoringSSL TLSv1.3 support and consistent handle empty ciphers. * Support TLSv1.3 with compiling against boringssl * Return 0 for SSL_OP_NO_TLSv1_3 when TLSv1.3 is not supported. * Allow to load a private key from the OpenSSL engine. * Support KeyManagerFactory if compiled against OpenSSL < 1.0.2 but using OpenSSL >= 1.0.2 at runtime. * Build with java source and target levels 1.8 objectweb-asm: - Update objectweb-asm from version 7.2 to version 9.3. (jsc#SLE-23217) * new Opcodes.V19 constant for Java 19 * new size() method in ByteVector * checkDataFlow option in CheckClassAdapter can now be used without valid maxStack and maxLocals values * New Maven BOM * Build asm as modular jar files to be used as such by java >= 9 * Leave asm-all.jar as a non-modular jar * JDK 18 support * Replace -debug flag in Printer with -nodebug (-debug continues to work) * New V15 constant * Experimental support for PermittedSubtypes and RecordComponent * This update provide several fixes and enhancements. Please, check the chenges for a full overview. objenesis: - Fix build with javadoc 17 (jsc#SLE-23217) opentest4j: - Update opentest4j from version 1.0.0 to version 1.2.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Remove unused dependency on commons-codec * Rename serialized output file for clarity * Create an OSGi compatible MANIFEST.MF oro: - Build with source and target levels 8 (jsc#SLE-23217) osgi-annotation: - Update osgi-annotation from version 6.0.0 to version 7.0.0. (jsc#SLE-23217) * Build with source and target levels 8 osgi-compendium: - Update osgi-compendium from version 6.0.0 to version 7.0.0. (jsc#SLE-23217) * Build with source and target levels 8 osgi-core: - Update osgi-core from version 6.0.0 to version 7.0.0. (jsc#SLE-23217) * Build with source and target levels 8 os-maven-plugin: - Update os-maven-plugin from version 1.2.3 to version 1.7.0. (jsc#SLE-23217) * Build with java source and target levels 8 * Changes: + Added a new property os.detected.arch.bitness + Added detection of RISC-V architecture, riscv + Added an abstraction layer for System property and file system access + Added thread safety information to Maven plugin metadata so that Maven doesn't warn about thread safety anymore + Added detection of z/OS operating system + Added m2e life cycle mapping metadata so os-maven-plugin works better with Eclipse m2e + Added support for MIPS and MIPSEL 32/64-bit architecture mips_32 - if the value is one of: mips, mips32 mips_64 - if the value is mips64 mipsel_32 - if the value is one of: mipsel, mips32el mipsel_64 - if the value is mips64el + Added support for PPCLE 32-bit architecture ppcle_32 - if the value is one of: ppcle, ppc32le + Added support for IA64N and IA64W architecture itanium_32 - if the value is ia64n itanium_64 - if the value is one of: ia64, ia64w (new), itanium64 + Fixed classpath conflicts due to outdated Guava version in transitive dependencies + Fixed incorrect prerequisite paradise: - Build with source and target levels 8 (jsc#SLE-23217) paranamer: - Build with source and target levels 8 (jsc#SLE-23217) parboiled: - Build with source and target levels 1.8 (jsc#SLE-23217) pegdown: - Build with source and target levels 8 (jsc#SLE-23217) picocli: - Update picocli from version 4.0.4 to version 4.6.2. (jsc#SLE-23217) * Full changes from previous versions are in https://github.com/remkop/picocli/blob/v4.6.2/RELEASE-NOTES.md plexus-ant-factory: - Build with source and target levels 8 (jsc#SLE-23217) plexus-archiver: - Do not compile the test build against the legacy guava20 any more. (jsc#SLE-23217) plexus-bsh-factory: - Build with source and target levels 8 (jsc#SLE-23217) plexus-build-api: - Build with source and target levels 8 (jsc#SLE-23217) - Fix an error of tag in javadoc plexus-cipher: - Update plexus-cipher from version 1.7 to version 2.0. (jsc#SLE-23217) * Switch from Sonatype to Plexus * Switch to the Eclipse sisu-maven-plugin * Bump junit from 4.12 to 4.13.1 * Bump plexus from 6.5 to 8 * Fix surefire warnings * This version is needed by maven 3.8.4 and plexus-sec-dispatcher 2.0 plexus-classworlds: - Update plexus-classworlds from version 2.5.2 to version 2.6.0. (jsc#SLE-23217) * Modular java JPMS support plexus-cli: - Do not compile/run tests against the legacy guava20 package. (jsc#SLE-23217) - Build with java source and target levels 8. (jsc#SLE-23217) - Replace raw java.util.List with typed java.util.List<E> interface - The GnuParser and OptionBuilder classes are deprecated in commons-cli since version 1.3 plexus-compiler: - Update plexus-compiler from version 2.8.2 to version 2.11.1. (jsc#SLE-23217) * Plexus testing is a dependency with scope test * Removed: jikes compiler * New features and improvements + add paremeter to configure javac feature --enable-preview + make java 11 as project base but keep javac release 8, we will be able to upgrade ecj and errorprone + Bump plexus-components from 6.5 to 6.6 and upgrade to junit5 + add adopt-openj9 build + Fix AspectJ basics + fix methods of lint and warning + Add new showLint compiler configuration + add jdk distribution to the matrix + Added primitive support for --processor-module-path + Refactor and add unit tests for support for multiple --add-exports custom compiler arguments + Add Maven Compiler Plugin compiler it tests + Close StandardJavaFileManager + Use latest ecj from official Eclipse release * Bug fixes: + [eclipse-compiler] Resort sources to have module-info.java first + Issue #106: Retain error messages from annotation processors + Issue #147: Support module-path for ECJ + Issue #166: Fix maven dependencies + eclipse compiler: set generated source dir even if no annotation processor is configured + CSharp compiler: fix role + Eclipse compiler: close the StandardJavaFileManager + Use plexus annotations rather than doclet to fix javadoc with java11 + fix Java15 build + Update Error prone 2.4 + Rename method, now that EA of JDK 16 is available + Eclipse Compiler Support release specifier instead of source/target + Issue #73: Use configured file encoding for JSR-199 Eclipse compiler * Dependency updates + Bump actions/cache to 2.1.6 + Bump animal-sniffer-maven-plugin to 1.21 + Bump aspectj.version from 1.9.2 to 1.9.6 + Bump assertj-core from 3.21.0 to 3.22.0 + Bump ecj to 3.28.0 + Bump error_prone_core to 2.10.0 + Bump junit to 4.13.2 + Bump junit-jupiter-api from 5.8.1 to 5.8.2 + Bump maven-artifact from 2.0 to 2.2.1 + Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 + Bump maven-invoker-plugin from 3.2.1 to 3.2.2 + Bump maven-settings from 2.0 to 2.2.1 + Bump plexus-component-annotations to 2.1.1 + Bump plexus-components to 6.6 and upgrade to junit5 + Bump release-drafter/release-drafter to 5.18.1 * needed by the latest maven-compiler-plugin * Rewrite the plexus metadata generation in the ant build files plexus-component-api: - Build with source and target levels 8 (jsc#SLE-23217) plexus-component-metadata: - Update plexus-component-metadata from version 2.1.0 to version 2.1.1. (jsc#SLE-23217) * Build using asm >= 7 * Build with java source and target levels 8 plexus-containers: - Update plexus-containers from version 2.1.0 to version 2.1.1. (jsc#SLE-23217) * This is the last version before deprecation * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1 * Build with java source and target levels 8 * Upgrade ASM to 9.2 * Requires Java 7 and Maven 3.2.5+ plexus-i18n: - Build with java source and target levels 8 (jsc#SLE-23217) - Do not compile/run tests against the legacy guava20 package (jsc#SLE-23217) plexus-interactivity: - Build with source and target levels 8 (jsc#SLE-23217) plexus-interpolation: - Build with java source and target levels 1.8 plexus-io: - Do not build/run tests against the legacy guava20 package (jsc#SLE-23217) plexus-languages: - Update plexus-languages from version 1.0.3 to version 1.1.1. (jsc#SLE-23217) * Build using java >= 9 * Build as multirelease modular jar * Fix builds with a mix of modular and classic jar files * generate-tarball.sh: use safe temporary directory, avoid accidental deletion of *.jar, *.class in the current working directory. plexus-metadata-generator: - Update plexus-metadata-generator from version 2.1.0 to version 2.1.1 (jsc#SLE-23217) * Build using asm >= 7 * Build with java source and target levels 8 * Do not use the deprecated plexus-cli functions, but port the generator to the recommended replacement plexus-resources: - Build with source and target levels 8 (jsc#SLE-23217) plexus-sec-dispatcher: - Update plexus-sec-dispatcher from version 1.4 to version 2.0. (jsc#SLE-23217) * Fix build with modello-2.0.0 * Changes: + Bump plexus-utils to 3.4.1 + Bump plexus from 6.5 to 8 + Switch from Sonatype to Plexus + Update pom to use modello source 1.4 * needed for maven 3.8.4 and plexus-cipher 2.0 plexus-utils: - Update plexus-utils from version 3.3.0 to version 3.3.1. (jsc#SLE-23217) * Build with source and target levels 8 (jsc#SLE-23217) * Don't ignore valid SCM files * This is the latest version still supporting Java 8 plexus-velocity: - Do not compiler/run the test build against legacy guava20 anymore. (jsc#SLE-23217) - Build with java source and target levels 8. (jsc#SLE-23217) - Simplify the build file and remove tests which depend onapache-commons-lang. (jsc#SLE-23217) qdox: - Update qdox from version 2.0.M9 to version 2.0.1. (jsc#SLE-23217) * Don't use deprecated inputstreamctor option * Add Automatic-Module-Name to the manifest * Generate ant build file from maven pom and build using ant * Update jflex-maven-plugin to 1.8.2 * Changes: * Support Lambda Expression * Add SEALED / NON_SEALED tokens * CodeBlock for Annotation with FieldReference should prefix field with canonical name * Add UnqualifiedClassInstanceCreationExpression * Add reference to grammar documentation and hints to transform it * Support Text Blocks * Support Sealed Classes * Support records * Get interface via javaProjectBuilder.getClassByName reflectasm: - Build with source and target levels 8 (jsc#SLE-23217) regexp: - Build with source and target levels 8 (jsc#SLE-23217) relaxngcc: - Provide relaxngcc version 1.12 (jsc#SLE-23217) relaxngDatatype: - Build with source and target levels 8 (jsc#SLE-23217) reload4j: - Update from version 1.2.19 to version 1.2.20. (jsc#SLE-23217) * Build with source/target levels 8 * For enabled logging statements, the performance of iterating on appenders attached to a logger has been significantly improved. replacer: - Build with source and target levels 8 (jsc#SLE-23217) rhino: - Update rhino from version 1.7R3 to version 1.7.14. (jsc#SLE-23217) sat4j: - Build with source and target levels 8 (jsc#SLE-23217) saxon9: - Build with source and target levels 8 (jsc#SLE-23217) sbt-launcher: - Build with source/target levels 8 (jsc#SLE-23217) - Fix build against ivy 2.5.0 sbt: - Do not depend on hawtjni-runtime and jansi-native anymore (jsc#SLE-23217) - Fix build against maven 3.8.5 - Fix build against apache-ivy 2.5.0 - Override javax.inject:javax:inject artifact coordinates in order to be able to build against newer atinject versions if needed - Fix build with maven-resolver 1.7.3 - Build package as noarch, since it does not have archfull binaries - Build with java 8 scala-pickling: - Build with source and target levels 8 (jsc#SLE-23217) scala: - No longer package /usr/share/mime-info (bsc#1062631) * Drop scala.keys and scala.mime source files. (jsc#SLE-23217) - Fix the scala build to find correctly the jansi.jar file - Make the package that links the jansi.jar file archfull - Bootstrap the build with our own built jar instead of downloading prebuilt binaries from www.scala-lang.org servletapi4: - Provide servletapi4 4.0.4 and solve installation issues. (jsc#SLE-23217) - There are no source changes. signpost-core: - Build with source and target levels 8 (jsc#SLE-23217) sisu: - Update siu from version 0.3.3 to version 0.3.5 (jsc#SLE-23217) * Remove dependency on glassfish-servlet-api * Relax bytecode check in scanner so it can scan up to and including Java14 * Support reproducible builds by sorting generated javax.inject.Named index * Build with java source and target levels 8 * Change to generate maven meta-data using the %%add_maven_depmap so that it can be built before the xmvn-tools slf4j: - Update slf4j from version 1.7.30 to version 1.7.36. (jsc#SLE-23217) * Don't use %%mvn_artifact, but %%add_maven_depmap * In the jcl-over-slf4j module avoid Object to String conversion. * In the log4j-over-slf4j module added empty constructors for ConsoleAppender. * In the slf4j-simple module, SimpleLogger now caters for concurrent access. * Fix build against reload4j * Fix dependencies of the module slf4j-log4j12 * Depend for build on reload4j * Do not use a separate spec file for sources. * slf4j-log4j12 artifact automatically instructs Maven to use the slf4j-reload4j artifact instead. * slf4j releases are now reproducible. * Build with source/target levels 8 * Add symlink to reload4j -> log4j12 for applications that expect that name. snakeyaml: - Update snakeyaml from version 1.31 to version 1.33. (jsc#SLE-23217) * Output error grow the rhn_web_ui.log rapidly (bsc#1204173) * CVE-2022-38752: Uncaught exception in java.base/java.util.ArrayList.hashCode (bsc#1203154) spec-version-maven-plugin: - Update spec-version-maven-plugin from 1.2 version to version 2.1 (jsc#SLE-23217) * Support both the jakarta.* and the javax.* apis * Build with java source and target levels 8 stax2-api: - Build with source and target levels 8 (jsc#SLE-23217) stax-ex: - Provide stax-ex version 1.8 (jsc#SLE-23217) stringtemplate4: - Build with source and target levels 8 (jsc#SLE-23217) string-template-maven-plugin: - Build with source and target levels 8 (jsc#SLE-23217) stringtemplate: tagsoup: - Build with source and target levels 8 (jsc#SLE-23217) template-resolver: - Build with source and target levels 8 (jsc#SLE-23217) tesla-polyglot: - Update tesla-polyglot from version 0.2.1 to version 0.4.5. (jsc#SLE-23217) * Build with source and target levels 8 * Remove upper bound for JDK version to allow Java 11 and newer * polyglot-kotlin - revert automatic source folder setting to koltin * Update xstream version in test resources to avoid security alerts * Avoid assumption about replacement pom file being readable * Upgrade scala-maven-plugin, clojure-maven-plugin and Clojure * polyglot-kotlin: Set source folders to kotlin * Upgrade to kotlin 1.3.60 * Provide a mechanism to override properties of a polyglot build * TeslaModelProcessor.locatePom(File) ignores files ending in.xml * Use platform encoding in ModelReaderSupport * Invoker plugin update * takari parent update * plexus-component-metadata update to 2.1.0 * maven-enforcer-plugin update to 3.0.0-M3 * polyglot-kotlin: Avoid IllegalStateException * polyglot-kotlin: improved support for IntelliJ Idea usage * polyglot-kotlin: kotlin update and numerous improvements to more idiomatic kotlin * polyglot-common: + Execute tasks are now installed with inheritable set to false + The ExecuteContext interface now has default implementations + The ExecuteContext now includes getMavenSession() + the ExecuteContext now includes getLog() to comport with Java bean conventions. The log() operation has been deprecated. + the ExecuteContext now includes getBasedir() to comport with Java bean conventions. The basedir() operation has been deprecated. * polyglot-kotlin: + Updates Kotlin to 1.3.21 + Includes support for Maven's ClassRealm + Includes full support for the entire Maven model + Includes support for execute tasks via as inline lambdas or as external scripts. + Resolves ClassLoader issues that affected integration with IntelliJ IDEA * polyglot-java: fixed depMgt conversion * polyglot-ruby: java9+ support improvement * added polyglot-kotlin * polyglot-scala: + Convenience methods for Dependency (classifier, intransitive, % (scope)) + Support reporting-section in pom + Added default value for pom property modelversion (4.0.0) + Updated used Scala Version (2.11.12) + Made output dir to pom.scala files compilation configurable via system property polyglot.scala.outputdir + Improved support and docs for configuration elements of plugins * Upgrade to latest takari-pom parent * polyglot-yaml: Support for xml attributes * polyglot-yaml: exclude pomFile property from serialization * polyglot-java: Linux support and test fixes * polyglot-java: Moved examples into polyglot-maven-examples * Updated Scala version * Scala warning fixes * polyglot-scala: Scala syntax friendly include preprocessor * Added link to user of yml version * polyglot-scala: Use Zinc server for Scala module * polyglot-scala: Support more valid XML element name chars in dynamic Config * Experimental addition of Java as polyglot language. test-interface: - Build with source and target levels 8 (jsc#SLE-23217) testng: - Update testng from version 6.14.3 to version 7.4.0. (jsc#SLE-23217) * CVE-2020-11022: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (bsc#1190663) * CVE-2020-11023: jquery: Untrusted code execution while passing HTML containing <option> elements (bsc#1190660) * Features: + Ability to be notified when a data provider fails, through a TestNG listener. TestNG already has a listener that will let you plug in your callbacks for the following with respect to a data provider (implement org.testng.IDataProviderListener interface) You can now use this listener to be notified when a data provider fails as well. + Add the ability to override explicitly included test methods if they belong to any excluded groups via the configuration property : overrideIncludedMethods + Reduced memory foot print when trying to run tests with larger projects. This is now a toggle feature which can be enabled via the JVM argument: -Dtestng.memory.friendly=true * Bug fixes: + GITHUB-2459: Support configurable start time - emailable report + GITHUB-2467: XmlTest does not copy the xmlClasses during clone + GITHUB-2469: Parameters added in XmlTest during AlterSuiteListener not available in SuiteListener + GITHUB-2296: Fix for assertEquals not working for sets as order is not guaranteed + GITHUB-2465: Fix bux where Strings.join returns empty String + GITHUB-1632: throwing SkipException sets iTestResult status to Failure instead of Skip + GITHUB-2456: Add onDataProviderFailure listener + GITHUB-2407: Adds "overrideIncludedMethods" to the global config as a command-line argument, which excludes explicitly included test methods if they belong to any excluded groups + GITHUB-2432: Rework MethodInheritance.fixMethodInheritance to "soft" dependencies + GITHUB-2435: getParameterIndex() always return 0 in test listener + GITHUB-2405: Regression: Using TestNG via Maven breaks when optional Guice dependency is unavailable + GITHUB-2419: TestNG JUnit reports are not valid if system output contains XML tags + GITHUB-2374: Add file name to the warning message + GITHUB-2321: -Dtestng.thread.affinity=true do not work when running multiple instance of test in parallel + GITHUB-2363: JS error when switching theme * Build with java source and target levels 8 * Require snakeyaml and beust-jcommander tomcat: - Update from version 9.0.31 to version 9.0.43 (jsc#SLE-23217) - CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868) - CVE-2022-42252: Fixed a request smuggling. (bsc#1204918) - set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt - use logrotate for catalina.out and configure server.xml - Use catalina.out for logging (bsc#1205647) - Do not hardcode /usr/libexec but use %%_libexecdir during the build where /usr/libexec and %%_libexecdir are different. - Build with source, target and release levels 8 (bsc#1201081) treelayout: - Build with source and target levels 8 (jsc#SLE-23217) trilead-ssh2: - Build with source and target levels 8 (jsc#SLE-23217) tycho: - Update tycho from version 1.2.0 to version 1.6.0. (jsc#SLE-23217) * Fix bootstrapping with new version of maven-install-plugin * Assure that all classes in tycho are understood by Java 8 (bsc#1198279) * Force building with java 11, since there is no config in tycho for java >= 15 * Do not force building with java 1.8, but with any java >= 1.8 * Drop support for obsolete modular JVMs (10 and 12) * Plexus Utils has been updated to version 3.3.0 as a prerequisite for other dependency updates. * ECJ has been updated to version 3.19.0. This version adds support for Java 12 bytecode and features. * JGit has been updated to version 5.5.0. * Equinox and p2 has been updated to their 2019-09 versions. * ObjectWeb ASM has been updated to version 7.0 from 5.0.3 which provides Java 11 compatibility in artifactcomparator. * Java 11: JDT was updated to 3.15.1 univocity-parsers: - Update univocity-parsers from version 2.5.5 to version 2.9.1. (jsc#SLE-23217) * Build with source and target levels 8 utfcpp: - Provide utfcpp version 3.2.1. (jsc#SLE-23217) * Required by antlr4. velocity: - Build with java source and target levels 8 (jsc#SLE-23217) - Do not build against the log4j12 packages, use the new reload4j werken-xpath: - Build with source and target levels 8 (jsc#SLE-23217) woodstox-core: - Update from version 5.2.0 to version 6.2.8. (jsc#SLE-23217) * Build with java source and target levels 8 wsdl4j: - Build with source and target levels 8 - Alias to axis:axis-wsdl4j ws-jaxme: - Do not build against the log4j12 packages, use the new reload4j (jsc#SLE-23217) - On relevant distributions, build against the standalone jaxb-api - Build with source/target levels 8 - Build against the standalone JavaEE modules unconditionally xalan-j2: - Do not link to the java_cup* compatibility links, but to the java-cup* ones - Build with source/target levels 8 xbean: - Update xbean from version 4.5 to version 4.20 (jsc#SLE-23217) * Do not build against the log4j12 packages, use the new reload4j * Upgrade to asm 9.1 * Remove unnecessary dependency on log4j and commons-logging xerces-j2: - Update xerces-j2 from version 2.12.0 to versionn 2.12.2 (jsc#SLE-23217) * CVE-2022-23437: Infinite loop within Apache XercesJ xml parser (bsc#1195108) * Build with source/target levels 8 xml-commons-apis: - Build with source and target levels 8 (jsc#SLE-23217) xml-commons-resolver: - Build with source and target levels 8 (jsc#SLE-23217) xmlgraphics-batik: - Update from version 1.10 to version 1.15 (jsc#SLE-23217) * CVE-2022-38398: Fixed information disclosure due to Jar url not being blocked by DefaultExternalResourceSecurity (bsc#1203674) * CVE-2022-38648: Fixed information disclosure due to missing blocking of external resource before calling fop (bsc#1203673) * CVE-2022-40146: Fixed information disclosure due to Jar url not being blocked by DefaultScriptSecurity (bsc#1203672) * CVE-2020-11987: Fixed SSRF due to improper input validation by the NodePickerPanel (bsc#1182748). * CVE-2019-17566: Fixed SSRF via "xlink:href" attributes (bsc#1172961). xmlgraphics-commons: - CVE-2020-11988: Fixed a server-side request forgery caused by improper input validation by the XMPParser. (bsc#281607) - Build with source/target levels 8 xmlgraphics-fop: - Update xmlgraphics-fop from version 2.1 to version 2.7. (jsc#SLE-23217) * Update PDFBox to 2.0.24 * Upgrade ant to 1.9.15 * Make the build reproducible (bsc#1047218) * Build against fontbox from apache-pdfbox >= 2 * Requires batik >= 1.11 * Package xmlgraphics-fop-hyph.jar and xmlgraphics-fop-sandbox.jar (bsc#1145693) xml-maven-plugin: - Build with source and target levels 8 (jsc#SLE-23217) xmlstreambuffer: - Provide xmlstreambuffer version 1.5.4 (jsc#SLE-23217) xmlunit: - Update xmlunit from version 1.5 to version 1.6 (jsc#SLE-23217) * Build with java source and target levels 8 xmvn-connector: Rename xmvn-connector-aether to xmvn-connector and provide it as version 4.0.0. (jsc#SLE-23217) xmvn-connector-gradle: - Update xmvn-connector-gradle from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Make it standalone from xmvn sources xmvn-connector-ivy: - Update xmvn-connector-ivy from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Make it standalone from xmvn sources xmvn-mojo: - Update xmvn-mojo from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Bump codecov/codecov-action to 2.0.2 * Bump commons-compress from 1.20 to 1.21 in /xmvn-parent * Bump junit from 4.12 to 4.13.1 * Update compiler source/target to JDK 11 xmvn-parent: - Update xmvn-parent from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Bump codecov/codecov-action to 2.0.2 * Bump commons-compress from 1.20 to 1.21 in /xmvn-parent * Update compiler source/target to JDK 11 xmvn-tools: - Update xmvn-tools from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Build with modello 2.0.0 * Bump codecov/codecov-action to 2.0.2 * Drop bisect tool * Update compiler source/target to JDK 11 xmvn: - Update xmvn from version 3.1.0 to version 4.0.0. (jsc#SLE-23217) * Bump codecov/codecov-action to 2.0.2 * Bump commons-compress from 1.20 to 1.21 in /xmvn-parent * Fix Javadoc generation for non-JPMS project with JDK 11 * Remove superflous JARs from assembly * Rename xmvn-connector-aether to xmvn-connector * Move release plugins to pluginManagement * Move prerequisites on Maven version to xmvn-mojo * Bump junit 4.13.1 * Bump slf4jVersion from 1.8.0-beta4 to 2.0.0-alpha2 in /xmvn-parent * Update Maven plugin versions * Drop Ivy * Drop Gradle * Switch to SHA-256 in CacheManager * Update dependency xmlunit.assertj to xmlunit.assertj3 * Update compiler source/target to JDK 11 * Require the maven-libs we built against in order to avoid hanging symlinks xpp2: - Build with source/target levels 8 xpp3: - Build with source and target levels 8 (jsc#SLE-23217) xsom: - Provide xsom version 0~20140925. (jsc#SLE-23217) xstream: - Build against the standalone JavaEE modules unconditionally - Build against standalone activation-api and jaxb-api on systems where the JavaEE modules are not part of JDK xz-java: - Provide xz-java 1.8 and solve installation issues. (jsc#SLE-23217) - There are no source changes. zinc: - Disambiguate the requirements. Require directly sbt non-bootstrap - Build only *.scala and *.java files apache-commons-codec-1.15-150200.3.6.4.noarch.rpm apache-commons-codec-1.15-150200.3.6.4.src.rpm apache-commons-collections-3.2.2-150200.13.6.4.noarch.rpm apache-commons-collections-3.2.2-150200.13.6.4.src.rpm apache-commons-io-2.11.0-150200.3.9.4.noarch.rpm apache-commons-io-2.11.0-150200.3.9.4.src.rpm apache-commons-logging-1.2-150200.11.6.4.noarch.rpm apache-commons-logging-1.2-150200.11.6.4.src.rpm axis-1.4-150200.13.6.4.noarch.rpm axis-1.4-150200.13.6.4.src.rpm cal10n-0.8.1.10-150200.11.6.3.noarch.rpm cal10n-0.8.1.10-150200.11.6.3.src.rpm cglib-3.3.0-150200.3.6.5.noarch.rpm cglib-3.3.0-150200.3.6.5.src.rpm ecj-4.18-150200.3.6.4.noarch.rpm ecj-4.18-150200.3.6.4.src.rpm glassfish-activation-1.2.0-150200.5.3.4.src.rpm glassfish-activation-api-1.2.0-150200.5.3.4.noarch.rpm jakarta-commons-discovery-0.4-150000.4.8.2.noarch.rpm jakarta-commons-discovery-0.4-150000.4.8.2.src.rpm javamail-1.5.2-150200.3.4.4.noarch.rpm javamail-1.5.2-150200.3.4.4.src.rpm javapackages-filesystem-5.3.1-150200.3.4.4.x86_64.rpm javapackages-tools-5.3.1-150200.3.4.4.src.rpm javapackages-tools-5.3.1-150200.3.4.4.x86_64.rpm javapackages-tools-extras-5.3.1-150200.3.4.4.src.rpm jline1-1.0-150200.3.4.4.src.rpm jline1-1.0-150200.3.4.4.x86_64.rpm log4j-2.17.2-150200.4.24.13.noarch.rpm log4j-2.17.2-150200.4.24.13.src.rpm log4j-javadoc-2.17.2-150200.4.24.13.noarch.rpm log4j-jcl-2.17.2-150200.4.24.13.noarch.rpm log4j-slf4j-2.17.2-150200.4.24.13.noarch.rpm mx4j-3.0.2-150200.13.4.2.noarch.rpm mx4j-3.0.2-150200.13.4.2.src.rpm objectweb-asm-9.3-150200.3.4.4.noarch.rpm objectweb-asm-9.3-150200.3.4.4.src.rpm oro-2.0.8-150200.11.4.4.noarch.rpm oro-2.0.8-150200.11.4.4.src.rpm python3-javapackages-5.3.1-150200.3.4.4.noarch.rpm regexp-1.5-150200.11.4.4.noarch.rpm regexp-1.5-150200.11.4.4.src.rpm reload4j-1.2.20-150200.5.7.3.noarch.rpm reload4j-1.2.20-150200.5.7.3.src.rpm rhino-1.7.14-150200.12.4.4.noarch.rpm rhino-1.7.14-150200.12.4.4.src.rpm saxon9-9.4.0.7-150200.12.4.3.noarch.rpm saxon9-9.4.0.7-150200.12.4.3.src.rpm slf4j-1.7.36-150200.3.4.3.noarch.rpm slf4j-1.7.36-150200.3.4.3.src.rpm wsdl4j-1.6.3-150000.4.8.2.noarch.rpm wsdl4j-1.6.3-150000.4.8.2.src.rpm xalan-j2-2.7.2-150200.11.4.3.noarch.rpm xalan-j2-2.7.2-150200.11.4.3.src.rpm xerces-j2-2.12.2-150200.3.7.3.noarch.rpm xerces-j2-2.12.2-150200.3.7.3.src.rpm xml-commons-apis-1.4.01-150200.3.4.3.noarch.rpm xml-commons-apis-1.4.01-150200.3.4.3.src.rpm xml-commons-resolver-1.2-150200.3.4.3.noarch.rpm xml-commons-resolver-1.2-150200.3.4.3.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-812 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update fixes the following issues: dracut-saltboot: - Update to verion 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml (bsc#1205599) - Update to version 0.1.1673279145.e7616bd grafana: - CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065,) - CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293) - Update to version 8.5.20: * CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749) * CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750) * Security: Omit error from http response * Bug fix: Email and username trimming and invitation validation spacecmd: - Version 4.3.19-1 * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759) spacewalk-client-tools: - Version 4.3.15-1 * Update translation strings supportutils-plugin-salt: - Update to version 1.2.2 * Remove possible passwords from Salt configuration files (bsc#1201059) uyuni-proxy-systemd-services: - Version 4.3.8-1 * Allow using container images from different registry paths supportutils-plugin-salt-1.2.2-150000.3.13.1.noarch.rpm supportutils-plugin-salt-1.2.2-150000.3.13.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-807 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: - Fix problem with detecting PTF packages (bsc#1208691) - Fix pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages python3-salt-3004-150400.8.25.1.x86_64.rpm True salt-3004-150400.8.25.1.src.rpm True salt-3004-150400.8.25.1.x86_64.rpm True salt-bash-completion-3004-150400.8.25.1.noarch.rpm True salt-doc-3004-150400.8.25.1.x86_64.rpm True salt-minion-3004-150400.8.25.1.x86_64.rpm True salt-zsh-completion-3004-150400.8.25.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-671 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read (bsc#1205808). - CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext() (bsc#1203788). - CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653). Bugfixes: - Fixed deviation of guest clock (bsc#1206527). - Fixed broken "block limits" VPD emulation (bsc#1202364). qemu-6.2.0-150400.37.11.1.src.rpm qemu-tools-6.2.0-150400.37.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1661 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issue: - Update the enable Intel Alderlake RSTe-configuration patca (bsc#1207868) mdadm-4.1-150300.24.24.2.src.rpm mdadm-4.1-150300.24.24.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1709 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-bootloader fixes the following issue: - make secure boot for ppc64 consistent with how secure boot works on other architectures (bsc#1206295) yast2-bootloader-4.4.19-150400.3.6.1.src.rpm yast2-bootloader-4.4.19-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1880 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). systemd-rpm-macros-12-150000.7.30.1.noarch.rpm systemd-rpm-macros-12-150000.7.30.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1697 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to delayed cleaning of view memory. - The speed of the message digest algorithms (MD5, SHA-1, SHA-2) and of NSEC3 hashing has been improved. - Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. (jsc#SLE-24600) - Updated keyring and signature bind-9.16.38-150400.5.20.2.src.rpm bind-utils-9.16.38-150400.5.20.2.x86_64.rpm python3-bind-9.16.38-150400.5.20.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-632 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - FIPS: Fix pct_test() return code in case of error (bsc#1207183) - Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562] gnutls-3.7.3-150400.4.32.1.src.rpm gnutls-3.7.3-150400.4.32.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.32.1.x86_64.rpm libgnutls30-3.7.3-150400.4.32.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.32.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.32.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.32.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.32.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-588 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kdump fixes the following issues: - run kdump.service only after kdump-early.service (bsc#1196335) - don't skip infiniband interfaces (bsc#1186745) kdump-1.0.2+git20.g64239cc-150400.3.11.1.src.rpm kdump-1.0.2+git20.g64239cc-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-705 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14 fixes the following issues: Update to 14.7: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). postgresql14-14.7-150200.5.23.1.src.rpm postgresql14-14.7-150200.5.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1954 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xmlsec1 fixes the following issue: - Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617) libxmlsec1-1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-gnutls1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-nss1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-openssl1-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-1.2.28-150100.7.13.4.src.rpm xmlsec1-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-nss-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-openssl-devel-1.2.28-150100.7.13.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1686 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). libmicrohttpd-0.9.57-150000.3.3.1.src.rpm libmicrohttpd12-0.9.57-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-794 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 2.4.0 (bsc#1199756) - Explicit check the key for ECAlgorithm - Don't use implicit optionals - documentation fix: show correct scope - fix: Update copyright information - Don't mutate options dictionary in .decode_complete() - Add support for Python 3.10 - api_jwk: Add PyJWKSet.__getitem__ - Update usage.rst - Docs: mention performance reasons for reusing RSAPrivateKey when encoding - Fixed typo in usage.rst - Add detached payload support for JWS encoding and decoding - Replace various string interpolations with f-strings by python-PyJWT-2.4.0-150200.3.6.2.src.rpm python3-PyJWT-2.4.0-150200.3.6.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1718 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) glibc-2.31-150300.46.1.src.rpm glibc-2.31-150300.46.1.x86_64.rpm glibc-devel-2.31-150300.46.1.x86_64.rpm glibc-extra-2.31-150300.46.1.x86_64.rpm glibc-i18ndata-2.31-150300.46.1.noarch.rpm glibc-info-2.31-150300.46.1.noarch.rpm glibc-lang-2.31-150300.46.1.noarch.rpm glibc-locale-2.31-150300.46.1.x86_64.rpm glibc-locale-base-2.31-150300.46.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.46.1.x86_64.rpm glibc-profile-2.31-150300.46.1.x86_64.rpm nscd-2.31-150300.46.1.x86_64.rpm glibc-32bit-2.31-150300.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-668 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) libX11-1.6.5-150000.3.27.1.src.rpm libX11-6-1.6.5-150000.3.27.1.x86_64.rpm libX11-data-1.6.5-150000.3.27.1.noarch.rpm libX11-devel-1.6.5-150000.3.27.1.x86_64.rpm libX11-xcb1-1.6.5-150000.3.27.1.x86_64.rpm libX11-xcb1-32bit-1.6.5-150000.3.27.1.x86_64.rpm libX11-6-32bit-1.6.5-150000.3.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-868 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). libpython3_6m1_0-3.6.15-150300.10.45.1.x86_64.rpm python3-3.6.15-150300.10.45.1.src.rpm python3-3.6.15-150300.10.45.1.x86_64.rpm python3-base-3.6.15-150300.10.45.1.x86_64.rpm python3-core-3.6.15-150300.10.45.1.src.rpm python3-curses-3.6.15-150300.10.45.1.x86_64.rpm python3-dbm-3.6.15-150300.10.45.1.x86_64.rpm python3-devel-3.6.15-150300.10.45.1.x86_64.rpm python3-idle-3.6.15-150300.10.45.1.x86_64.rpm python3-tk-3.6.15-150300.10.45.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-731 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-46340 (bsc#1205874). xorg-x11-server-1.20.3-150400.38.19.1.src.rpm xorg-x11-server-1.20.3-150400.38.19.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1768 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for skopeo fixes the following issue: - rebuild against the current go1.19 version to make sure bugs and security issues are fixed. skopeo-0.1.41-150000.4.14.1.src.rpm skopeo-0.1.41-150000.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-746 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-Net-Server fixes the following issues: - CVE-2013-1841: Fixed insufficient hostname access checking (bsc#808830). perl-Net-Server-2.009-150000.3.3.1.noarch.rpm perl-Net-Server-2.009-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1762 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: - CVE-2023-1161: Fixed crash in ISO 15765 and ISO 10681 dissector (bsc#1208914). Update to 3.6.12: * https://www.wireshark.org/docs/relnotes/wireshark-3.6.12.html libwireshark15-3.6.12-150000.3.86.1.x86_64.rpm libwiretap12-3.6.12-150000.3.86.1.x86_64.rpm libwsutil13-3.6.12-150000.3.86.1.x86_64.rpm wireshark-3.6.12-150000.3.86.1.src.rpm wireshark-3.6.12-150000.3.86.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1298 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ndctl fixes the following issues: - Fix parsing of environment variable NDCTL_TIMEOUT (bsc#1208548) libndctl-devel-71.1-150400.10.3.1.x86_64.rpm libndctl6-71.1-150400.10.3.1.x86_64.rpm ndctl-71.1-150400.10.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-790 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kexec-tools fixes the following issues: - Remove ram_top restriction (bsc#1203410) kexec-tools-2.0.20-150400.16.3.1.src.rpm kexec-tools-2.0.20-150400.16.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-755 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xf86-input-libinput fixes the following issues: - Make sure the device is valid when setting the tap button map (bsc#1208486) xf86-input-libinput-0.28.1-150400.15.3.1.src.rpm xf86-input-libinput-0.28.1-150400.15.3.1.x86_64.rpm xf86-input-libinput-devel-0.28.1-150400.15.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-781 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 vim-9.0.1386-150000.5.37.1.src.rpm vim-9.0.1386-150000.5.37.1.x86_64.rpm vim-data-9.0.1386-150000.5.37.1.noarch.rpm vim-data-common-9.0.1386-150000.5.37.1.noarch.rpm vim-small-9.0.1386-150000.5.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-743 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. gnutls-3.7.3-150400.4.35.1.src.rpm gnutls-3.7.3-150400.4.35.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.35.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.35.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-782 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] libgcrypt-1.9.4-150400.6.8.1.src.rpm libgcrypt-devel-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-32bit-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-hmac-32bit-1.9.4-150400.6.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1810 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix "/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add "After=network.target sssd.service" to the systemd unit (bsc#1201234, bsc#1200321) cups-2.2.7-150000.3.40.1.src.rpm cups-2.2.7-150000.3.40.1.x86_64.rpm cups-client-2.2.7-150000.3.40.1.x86_64.rpm cups-config-2.2.7-150000.3.40.1.x86_64.rpm cups-devel-2.2.7-150000.3.40.1.x86_64.rpm libcups2-2.2.7-150000.3.40.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.40.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.40.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.40.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.40.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1882 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for makedumpfile fixes the following issues: - Fix memory leak issue in init_xen_crash_info (bsc#1201209) makedumpfile-1.7.0-150400.4.3.1.src.rpm makedumpfile-1.7.0-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-796 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a serious regression in the i915 graphics card driver. - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - [infiniband] READ is "data destination", not source... (git-fixes) - [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). - acpi/x86: Add support for LPS0 callback handler (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfcv3: handle out-of-order write replies (bsc#1205544). - nvdimm: disable namespace on error (bsc#1166486). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). - revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). - revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). - revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). kernel-default-5.14.21-150400.24.49.3.nosrc.rpm True kernel-default-5.14.21-150400.24.49.3.x86_64.rpm True kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.src.rpm True kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm True kernel-devel-5.14.21-150400.24.49.4.noarch.rpm True kernel-macros-5.14.21-150400.24.49.4.noarch.rpm True kernel-source-5.14.21-150400.24.49.4.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-879 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). qemu-6.2.0-150400.37.14.2.src.rpm qemu-tools-6.2.0-150400.37.14.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-783 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. libopenssl-1_1-devel-1.1.1l-150400.7.28.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.28.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.28.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.28.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.28.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.28.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.28.1.src.rpm openssl-1_1-1.1.1l-150400.7.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-848 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). xen-4.16.3_06-150400.4.25.1.src.rpm True xen-libs-4.16.3_06-150400.4.25.1.x86_64.rpm True xen-tools-domU-4.16.3_06-150400.4.25.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-1779 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers libsystemd0-249.16-150400.8.25.7.x86_64.rpm libsystemd0-32bit-249.16-150400.8.25.7.x86_64.rpm libudev1-249.16-150400.8.25.7.x86_64.rpm libudev1-32bit-249.16-150400.8.25.7.x86_64.rpm systemd-249.16-150400.8.25.7.src.rpm systemd-249.16-150400.8.25.7.x86_64.rpm systemd-container-249.16-150400.8.25.7.x86_64.rpm systemd-coredump-249.16-150400.8.25.7.x86_64.rpm systemd-devel-249.16-150400.8.25.7.x86_64.rpm systemd-doc-249.16-150400.8.25.7.x86_64.rpm systemd-lang-249.16-150400.8.25.7.noarch.rpm systemd-sysvinit-249.16-150400.8.25.7.x86_64.rpm udev-249.16-150400.8.25.7.x86_64.rpm systemd-32bit-249.16-150400.8.25.7.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1632 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Remove the accessibility RPM sub-package because it causes problems (bsc#1206549) java-17-openjdk-17.0.6.0-150400.3.15.1.src.rpm java-17-openjdk-17.0.6.0-150400.3.15.1.x86_64.rpm java-17-openjdk-demo-17.0.6.0-150400.3.15.1.x86_64.rpm java-17-openjdk-devel-17.0.6.0-150400.3.15.1.x86_64.rpm java-17-openjdk-headless-17.0.6.0-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1774 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcontainers-common fixes the following issues: - Add registry.suse.com to the unqualified-search-registries (bsc#1205536) - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: - add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider - remove deprecated setting containers.userns_size - add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 - Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. (bsc#1207509) - storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. - .spec: rm %post script to set 'btrfs' as storage driver in storage.conf - Remove registry.suse.com from search unqualified-search-registries - add requires on util-linux-systemd for findmnt in profile script - only set storage_driver env when no libpod exists - add container-storage-driver.sh (bsc#1197093) - postinstall script: slight cleanup, no functional change - set detached sigstore attachments for the SUSE controlled registries - Fix obvious typo in containers.conf - Resync containers.conf / storage.conf with Fedora - Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. - Use $() again in %post, but with a space for POSIX compliance - Add missing Requires(post): sed (bsc#1200524) - Make %post compatible with dash - Switch registries.conf to v2 format - Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems - Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821) - Update default registry (bsc#1171578) libcontainers-common-20230214-150400.3.5.2.noarch.rpm libcontainers-common-20230214-150400.3.5.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-791 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for golang-github-prometheus-node_exporter fixes the following issues: - Move package for SUSE Linux Enterprise Micro to the correct codestream - No source changes golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2.src.rpm golang-github-prometheus-node_exporter-1.3.0-150100.3.20.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1813 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issue: - Ship missing open-vm-tools-salt-minion package. (bsc#1208880) libvmtools-devel-12.1.0-150300.23.5.x86_64.rpm libvmtools0-12.1.0-150300.23.5.x86_64.rpm open-vm-tools-12.1.0-150300.23.5.src.rpm open-vm-tools-12.1.0-150300.23.5.x86_64.rpm open-vm-tools-salt-minion-12.1.0-150300.23.5.x86_64.rpm open-vm-tools-sdmp-12.1.0-150300.23.5.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1582 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). curl-7.79.1-150400.5.18.1.src.rpm curl-7.79.1-150400.5.18.1.x86_64.rpm libcurl-devel-7.79.1-150400.5.18.1.x86_64.rpm libcurl4-32bit-7.79.1-150400.5.18.1.x86_64.rpm libcurl4-7.79.1-150400.5.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1731 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-network fixes the following issues: - Fix build failure (introduced by the previous fix for bsc#1207221) (bsc#1208796) yast2-network-4.4.56-150400.3.18.1.noarch.rpm yast2-network-4.4.56-150400.3.18.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1868 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for polkit-default-privs fixes the following issues: * backport of kinfocenter5 whitelisting (bsc#1209378) polkit-default-privs-13.2+20230317.d2bceab-150400.3.6.1.noarch.rpm polkit-default-privs-13.2+20230317.d2bceab-150400.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1717 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). grub2-2.06-150400.11.25.1.src.rpm grub2-2.06-150400.11.25.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.25.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.25.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.25.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.25.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4885 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Jackson fixes the following issues: jackson-annotations was updated from version 2.13.0 to 2.15.2: - Add 'JsonFormat.Feature's: READ_UNKNOWN_ENUM_VALUES_AS_NULL, READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE - Add NOTICE file with copyright information - Add 'JsonFormat.Feature.READ_DATE_TIMESTAMPS_AS_NANOSECONDS' - Allow explicit 'JsonSubTypes' repeated names check - Version allignment to other jackson packages jackson-bom was updated from version 2.13.0 to 2.15.2: - Update 'de.jjohannes:gradle-module-metadata-maven-plugin' to 0.4.0 - Add override for 'version.plugin.moditect' to be '1.0.0.Final' until upgraded in 'oss-parent'/51 - Change defaults for Felix OSGi Bundle plug-in to fix timestamps for Reproducible Builds - Add version for 'jackson-datatype-hibernate6' - Add version for 'jackson-module-jsonSchema-jakarta' - Gradle reports incorrect jackson-bom dependency version - Moved 'module-info.java' to 'META-INF/versions/11' instead of 'META-INF/versions/9' jackson-core was updated from version 2.13.0 to 2.15.2: - Version 2.15.2: * Allow override of 'StreamReadContraints' default with 'overrideDefaultStreamReadConstraints()' - Version 2.15.1: * Add FastDoubleParser section to 'NOTICE' * Increase default max allowed String value length from 5 megs to 20 megs * Problem with 'FilteringGeneratorDelegate' wrt 'TokenFilter.Inclusion.INCLUDE_NON_NULL' - Version 2.15.0: * Add numeric value size limits via 'StreamReadConstraints' * Add SLSA provenance via build script * Add 'StreamReadFeature.USE_FAST_BIG_DECIMAL_PARSER' to enable faster 'BigDecimal', 'BigInteger' parsing * Add 'StreamReadConstraints' limit for longest textual value to allow (default: 5M) * Optimize parsing 19 digit longs * Fix possible flaw in 'TokenFilterContext#skipParentChecks()' * Add 'Object JsonParser.getNumberValueDeferred()' method to allow for deferred decoding in some cases * Add 'JsonFactory.Feature.CHARSET_DETECTION' to disable charset detection * Use 'StreamConstraintsException' in name canonicalizers * Offer a way to directly set 'StreamReadConstraints' via 'JsonFactory' (not just Builder) * Prevent inefficient internal conversion from 'BigDecimal' to 'BigInteger' wrt ultra-large scale * Add 'JsonGenerator.copyCurrentEventExact' as alternative to 'copyCurrentEvent()' - Version 2.14.3: * Optional padding Base64Variant still throws exception on missing padding character * Address performance issue with 'BigDecimalParser' * Backport removal of BigDecimal to BigInt conersio * FastDoubleParser license * Got 'NegativeArraySizeException' when calling 'writeValueAsString()' - Version 2.14.2: * Allow TokenFIlter to skip last elements in arrays * Avoid instance creations in fast parser code * Fix 'FilteringGeneratorDelegate' not creating new 'filterContext' if 'tokenFilter' is null - Version 2.14.0: * Add 'NumberInput.parseFloat()' * Add 'StreamReadCapability.EXACT_FLOATS' to indicate whether parser reports exact floating-point values or not * Add "JsonPointer#appendProperty" and "JsonPointer#appendIndex" * Add a feature to allow leading plus sign ('JsonReadFeature.ALLOW_LEADING_PLUS_SIGN_FOR_NUMBERS') * Add explicit bounds checks for 'JsonFactory.createParser()' methods that take 'byte[]'/'char[]'-with-offsets input * Add explicit bounds checks for 'JsonGenerator' methods that take 'byte[]'/'char[]'/String-with-offsets input * Add option to accept non-standard trailing decimal point ('JsonReadFeature.ALLOW_TRAILING_DECIMAL_POINT_FOR_NUMBERS') * Allow TokenFilters to keep empty arrays and objects * Allow use of faster floating-point number parsing with 'StreamReadFeature.USE_FAST_DOUBLE_PARSER' * Allow use of faster floating-point number serialization ('StreamWriteFeature.USE_FAST_DOUBLE_WRITER') * Avoid copy when parsing 'BigDecimal' * Change minimum Java version to 8 * Fix 'JsonFactory.createGenerator()' with 'File' that may leak 'OutputStream's * Fix 'JsonFactory.createParser()' with 'File' that may leak 'InputStream's * Fix 'JsonPointer.empty()' should NOT indicate match of a property with key of "" * Fix 'JsonPointer' quadratic memory use: Out Of Memory (OOME) on deep inputs * Fix calling 'JsonPointer.compile(...)' on very deeply nested expression throwing 'StackOverflowError' * Fix Hex capitalization for JsonWriter to be configurable (add 'JsonWriteFeature.WRITE_HEX_UPPER_CASE') * Fix ReaderBaseJsonParser._verifyRootSpace() that can cause buffer boundary failure * JsonGenerator to provide current value to the context before starting objects * Make 'BigDecimal' parsing lazy * Make 'BigInteger' parsing lazy * Make 'JsonPointer' 'java.io.Serializable' * Provide implementation of async JSON parser fed by 'ByteBufferFeeder' * Remove workaround for old issue with a particular double * Update ParserBase to support floats directly * Use 'BigDecimalParser' for BigInteger parsing very long numbers - Version 2.13.3: * Limit size of exception message in BigDecimalParser - Version 2.13.2: * Fix `JsonLocation` in 2.13 that only uses identity comparison for "content reference" * Update Maven wrapper - Version 2.13.1: * Fix incorrect parsing of single-quoted surrounded String values containing double quotes jackson-databind was updated from 2.13.4.2 to 2.15.2: - Version 2.15.2: * Fix record setter not included from interface (2.15 regression) - Version 2.15.1: * Fix error in creating nested 'ArrayNode's with * 'JsonNode.withArray()' * Only avoid Records fields detection for deserialization * Fix issue with deserialization when there are unexpected properties (due to null 'StreamReadConstraints') * Fix TypeId serialization for 'JsonTypeInfo.Id.DEDUCTION', native type ids - Version 2.15.0: * Add '@EnumNaming', 'EnumNamingStrategy' to allow use of naming strategies for Enums * Add 'EnumFeature.READ_ENUM_KEYS_USING_INDEX' to work with existing "WRITE_ENUM_KEYS_USING_INDEX" * Add 'MapperFeature.REQUIRE_TYPE_ID_FOR_SUBTYPES' to enable/disable strict subtype Type Id handling * Add convenience method 'SimpleBeanPropertyFilter.filterOutAll()' as counterpart of 'serializeAll()' * Add enum features into '@JsonFormat.Feature' * Add Stream-friendly alternative to 'ObjectNode.fields()': 'Set<Map.Entry<String, JsonNode>> properties()' * Add support in 'TokenBuffer' for lazily decoded (big) numbers * Allow serializing enums to lowercase ('EnumFeature.WRITE_ENUMS_TO_LOWERCASE') * Allow use of '@JsonCreator(mode = Mode.PROPERTIES)' creator for POJOs with"empty String" coercion * Cannot use both 'JsonCreator.Mode.DELEGATING' and 'JsonCreator.Mode.PROPERTIES' static creator factory methods for Enums * Case-insensitive and number-based enum deserialization are (unnecessarily) mutually exclusive * Deprecate "exact values" setting from 'JsonNodeFactory', replace with 'JsonNodeFeature.STRIP_TRAILING_BIGDECIMAL_ZEROES' * Deprecate classes in package 'com.fasterxml.jackson.databind.jsonschema' * Do not require the usage of opens in a modular app when using records * Enhance 'StdNodeBasedDeserializer' to support 'readerForUpdating' * Fix Enum Deserialisation Failing with Polymorphic type validator * Fix '@JsonDeserialize(converter = ...)' not working with Records * Fix 'DelegatingDeserializer' missing override of 'getAbsentValue()' (and couple of other methods) * Fix 'JsonTypeInfo.As.EXTERNAL_PROPERTY' not working with record wrappers * Fix 'Optional<Boolean>' not recognized as boolean field * Fix 'TypeFactory' cache performance degradation with 'constructSpecializedType()' * Fix classloader leak: DEFAULT_ANNOTATION_INTROSPECTOR holds annotation reference * Fix deserialization of '@JsonTypeInfo' annotated type fails with missing type id even for explicit concrete subtypes * Fix Incorrect target type for arrays when disabling coercion * Fix InvalidDefinitionException when calling mapper.createObjectNode().putPOJO * Fix Null coercion with '@JsonSetter' not working with 'java.lang.Record' * Fix properties naming strategy not working with Record * Fix Timestamp in classes inside jar showing 02/01/1980 * Fix TokenBuffer does not implement writeString(Reader reader, int len) * Fix transient 'Field's are not ignored as Mutators if there is visible Getter * Fix wrong schemaType of 'LongSerializer' * Flush readonly map together with shared on 'SerializerCache.flush()' * Infer '@JsonCreator(mode = Mode.DELEGATING)' from use of '@JsonValue') * Support '@JsonCreator' annotation on record classes * Try to avoid auto-detecting Fields for Record types - Version 2.14.3: * Fix 'PrimitiveArrayDeserializers$ByteDeser.deserialize' ignores 'DeserializationProblemHandler' for invalid Base64 content * Set transformer factory attributes to improve protection against XXE - Version 2.14.2: * Allow custom 'JsonNode' implementations * Fix '@JsonTypeInfo' does not work if the Type Id is an Integer value * Fix '@JsonValue' failing for Java Record * Fix 'StdDelegatingDeserializer' ignoring 'nullValue' of '_delegateDeserializer'. * Fix Enum polymorphism not working correctly with DEDUCTION - Version 2.14.1: * Fix 'Enum' values that cannot be read from single-element array even with 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS' - Version 2.14.0: * Add method 'ObjectMapper.copyWith(JsonFactory)' * Add method(s) in 'JsonNode' that works like combination of 'at()' and 'with()': 'withObject(...)' and 'withArray(...)' * Add optional explicit 'JsonSubTypes' repeated names check * Add serializer-cache size limit to avoid Metaspace issues from caching Serializers * Allow (de)serializing records using Bean(De)SerializerModifier even when reflection is unavailable * Allow disabling Integer to String coercion via 'CoercionConfig' * Allow non-boolean return type for "is-getters" with 'MapperFeature.ALLOW_IS_GETTERS_FOR_NON_BOOLEAN' * Allow use of 'JsonNode' field for '@JsonAnySetter' * Change 'JsonNode.with(String)' and 'withArray(String)' to consider argument as 'JsonPointer' if valid expression * Change 'TypeSerializerBase' to skip 'generator.writeTypePrefix()' for 'null' typeId * Change LRUMap to just evict one entry when maxEntries reached * Create DataTypeFeature abstraction (for JSTEP-7) with placeholder features * Deeply nested JsonNode throws StackOverflowError for toString() * Deserialization of Throwables with PropertyNamingStrategy does not work * Deserialize missing value of 'EXTERNAL_PROPERTY' type using custom 'NullValueProvider' * Do not strip generic type from 'Class<C>' when resolving 'JavaType' * Expose 'translate()' method of standard 'PropertyNamingStrategy' implementations * Filter method only got called once if the field is null when using '@JsonInclude(value = JsonInclude.Include.CUSTOM, valueFilter = SomeFieldFilter.class)' * Fix '@JsonIgnore' does not if together with '@JsonProperty' or '@JsonFormat' * Fix 'configOverride.setMergeable(false)' not supported by 'ArrayNode' * Fix 'StdDeserializer' that coerces ints to floats even if configured to fail * Fix 'TokenBuffer' defaults for parser/stream-read features which neither passed from parser nor use real defaults * Fix deduction deserializer with DefaultTypeResolverBuilder * Fix issue preventing merge of polymorphic objects * Implement 'float' and 'boolean' to 'String' coercion config * Implement 'JsonNodeFeature.READ_NULL_PROPERTIES' to allow skipping of JSON 'null' values on reading * Implement 'JsonNodeFeature.WRITE_NULL_PROPERTIES' to allow skipping JSON 'null' values on writing * Improve performance of 'UnresolvedForwardReference' for forward reference resolution * Legacy 'ALLOW_COERCION_OF_SCALARS' interacts poorly with Integer to Float coercion * Replace 'JsonNode.with()' with 'JsonNode.withObject()' * Support 'null'-valued 'Map' fields with "any setter" * Support use of fast double parse * Update 'MapDeserializer' to support 'StreamReadCapability.DUPLICATE_PROPERTIES' - Version 2.13.5: * Improve testing (likely via CI) to try to ensure compatibility with specific Android SDKs * Jackson 2.13 uses Class.getTypeName() that is only available on Android SDK 26 (with fix works on ASDK 24) jackson-dataformats-binary was updated from 2.13.0 to 2.15.2: - Version 2.15.2: * Fix 'logback-test.xml' in wrong place (avro/src/main/resources) - Version 2.15.0: * Add support for CBOR stringref extension ('CBORGenerator.Feature.STRINGREF') * Add 'CBORGenerat.Feature.WRITE_MINIMAL_DOUBLES' for writing 'double's as 'float's if safe to do so * Remove optimized 'CBORParser.nextTextValue()' implementation - Version 2.14.3: * Fix missing license file in Maven package for newer versions * Fix 'CBORGenerator.writeRawUTF8String()' ignoring offset - Version 2.14.1: * Possible performance improvement on jdk9+ for Smile decoding - Version 2.14.0: * Avro schema generation: allow override namespace with new '@AvroNamespace' annotation * Ensure 'IonReader' instances created within 'IonFactory' are always resource-managed * Fix 'IonObjectMapper' does not throw JacksonException for some invalid Ion * Fix missing configuration methods for format-specific parser/generator features * Short NUL-only keys incorrectly detected as duplicates * Update to Amazon Ion 1.9.5 * Use passed "current value" in 'writeStartObject()' overload - Version 2.13.3: * Fix IonValueDeserializer that does not handle getNullValue correctly for a missing property - Version 2.13.1: * Fix 'IllegalArgumentException' in 'IonParser.getEmbeddedObject()' jackson-modules-base was updated from 2.13.3 to 2.15.2: - Version 2.15.2: * Mr Bean exposing 'Asm' as Maven dependency despite shading * 'org.ow2.asm:asm' updated to 9.5 - Version 2.15.1: * Gradle metadata for 'jackson-core' '2.15.0' adds dependency on shaded 'org.ow2.asm:asm' - Version 2.15.0: * Filter annotated by JsonInclude.Include.CUSTOM does not get called if property is null with Afterburner/Blackbird module registered - Version 2.14.3: * Fix failing tests in java17 CI run * Fix Gradle Module Metadata for Afterburner, Blackbird * jaxb and jakarta-xmlbind put module-info in versions/11 - Version 2.14.0: * Blackbird doesn't work on Java 15+ * Remove stack trace from Blackbirds warnings wrt missing 'MethodHandles.lookup()' (on Java 8) * Update Asm version from 9.0 to 9.4 - Enhance SUSE Manager and Uyuni (ijsc#MSC-611) jackson-parent was updated from 2.13 to 2.15: - Remove settings for 'org.eclipse.m2e:lifecycle-mapping' - Upgrade to oss-parent 50 (many plugin version updates) jackson-annotations-2.15.2-150200.3.11.2.noarch.rpm jackson-annotations-2.15.2-150200.3.11.2.src.rpm jackson-core-2.15.2-150200.3.11.2.noarch.rpm jackson-core-2.15.2-150200.3.11.2.src.rpm jackson-databind-2.15.2-150200.3.15.1.noarch.rpm jackson-databind-2.15.2-150200.3.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4233 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for log4j fixes the following issues: - Build taglib, jmx-gui, bom, nosql and web modules, on platforms where we have the dependencies log4j-2.17.2-150200.4.27.45.noarch.rpm log4j-2.17.2-150200.4.27.45.src.rpm log4j-javadoc-2.17.2-150200.4.27.45.noarch.rpm log4j-jcl-2.17.2-150200.4.27.45.noarch.rpm log4j-slf4j-2.17.2-150200.4.27.45.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1920 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issues: - Update pci, usb and vendor ids hwdata-0.368-150000.3.57.1.noarch.rpm hwdata-0.368-150000.3.57.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1938 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for NetworkManager fixes the following issue: - Adds missing NetworkManager and dependencies to Micro 5.3 (bsc#1204549, bsc#1205529) - rp-pppoe: replace deprecated ifconfig dependency with iproute2. (bsc#1194715, jsc#SLE-24004) bluez-5.62-150400.4.10.3.src.rpm bluez-5.62-150400.4.10.3.x86_64.rpm bluez-deprecated-5.62-150400.4.10.3.x86_64.rpm libbluetooth3-5.62-150400.4.10.3.x86_64.rpm libnewt0_52-0.52.20-150000.7.2.3.x86_64.rpm libslang2-2.3.1a-150000.5.2.3.x86_64.rpm newt-0.52.20-150000.7.2.3.src.rpm newt-0.52.20-150000.7.2.3.x86_64.rpm python3-newt-0.52.20-150000.7.2.3.x86_64.rpm slang-2.3.1a-150000.5.2.3.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2269 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for javapackages-tools fixes the following issues: - Version update from 5.3.1 to 6.1.0 (jsc#SLE-23217): * Add apache-rat-plugin to skippedPlugins * Add bootstrap metadata to XMvn resolver config * Add location of java binary used by the java-1.8.0-openjdk (JRE) package so that setting JAVA_HOME will work correctly * Add lua interpreter to check and GH actions * Add Lua scripts for removing annotations * Add more tests, fix behaviour * Add separate subpackage with RPM generators * Adding ppc64le architecture support on travis-ci * Delete run_tests.py * Drop deprecated add_maven_depmap macro * Drop SCL support * Fix builddep snippet generation * Fix extra XML handling of pom_change_dep * Fix invalid <skippedPlugins> in XMvn configuration * Fix provides matching * Fix running tests without coverage * Implement separate simple class name matching * Introduce common and extra subpackages * Make generated javadoc package noarch * Make scripts compatible with rpmlua * Migrate CI from TravisCI to GitHub Actions * Modularize Lua scripts * Remove dependency on Six compatibility library * Remove explicit import of Python 3 features * Remove license headers from wrapper scripts * Remove Python 3.5 from .travis.yml * Replace nose by pytest * Skip execution of various Maven plugins * Update build status badge in README.md * Update documentation * Update ivy-local-classpath * Use XMvn Javadoc MOJO by default - Remove requirement to python-six as it is not needed javapackages-filesystem-6.1.0-150200.3.7.1.x86_64.rpm javapackages-tools-6.1.0-150200.3.7.1.src.rpm javapackages-tools-6.1.0-150200.3.7.1.x86_64.rpm javapackages-tools-extras-6.1.0-150200.3.7.1.src.rpm python3-javapackages-6.1.0-150200.3.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1688 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). libzstd-devel-1.5.0-150400.3.3.1.x86_64.rpm libzstd1-1.5.0-150400.3.3.1.x86_64.rpm zstd-1.5.0-150400.3.3.1.src.rpm zstd-1.5.0-150400.3.3.1.x86_64.rpm libzstd1-32bit-1.5.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1710 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - [infiniband] READ is "data destination", not source... (git-fixes) - [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). - acpi/x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). - acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add cherry-picked id for nouveau patch - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). - alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). - arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). - arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). - asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). - bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). - cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). - drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). - drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). - dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). - ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). - fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). - hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). - ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). - jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). - media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). - mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). - nfcv3: handle out-of-order write replies (bsc#1205544). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). - nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). - nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). - pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert "PCI: xgene: Use inbound resources for setup" (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). - perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). - perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). - pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). - rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). - revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). - revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). - revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 "rpm/group-source-files.pl: Deal with {pre,post}fixed / in location" breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). - scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). - scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). - usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). - usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). - usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). - x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). kernel-default-5.14.21-150400.24.55.3.nosrc.rpm True kernel-default-5.14.21-150400.24.55.3.x86_64.rpm True kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7.src.rpm True kernel-default-base-5.14.21-150400.24.55.3.150400.24.22.7.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.55.3.x86_64.rpm True kernel-devel-5.14.21-150400.24.55.2.noarch.rpm True kernel-macros-5.14.21-150400.24.55.2.noarch.rpm True kernel-source-5.14.21-150400.24.55.2.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2783 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues: grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068) protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. - Disable LTO (bsc#1133277) python-aiocontextvars: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-cryptography: - update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.3.2 (bsc#1198331) python-Deprecated: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 1.2.13: python-google-api-core: - Update to 1.14.2 python-googleapis-common-protos: - Update to 1.6.0 python-grpcio-gcp: - Initial spec for v0.2.2 python-humanfriendly: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 10.0 python-jsondiff: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.0 python-knack: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 0.9.0 python-opencensus: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Disable Python2 build - Update to 0.8.0 python-opencensus-context: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-opencensus-ext-threading: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial build version 0.1.2 python-opentelemetry-api: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Version update to 1.5.0 python-psutil: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 5.9.1 - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753) - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-PyGithub: - Update to 1.43.5: python-pytest-asyncio: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial release of python-pytest-asyncio 0.8.0 python-requests: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-websocket-client: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.2 python-websockets: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 9.1: python-websocket-client-1.3.2-150100.6.7.3.src.rpm python3-websocket-client-1.3.2-150100.6.7.3.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1675 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866) (bsc#1209543). xorg-x11-server-1.20.3-150400.38.22.1.src.rpm xorg-x11-server-1.20.3-150400.38.22.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1885 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Update to version 055+suse.335.gccf7fbc6: * Always include all drivers that LVM can use (bsc#1206195) * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439) dracut-055+suse.335.gccf7fbc6-150400.3.19.1.src.rpm dracut-055+suse.335.gccf7fbc6-150400.3.19.1.x86_64.rpm dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1.x86_64.rpm dracut-ima-055+suse.335.gccf7fbc6-150400.3.19.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1919 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gsp-G06 fixes the following issue: - New package kernel-firmware-nvidia-gsp-G06 firmware 525.105.17 - New package nvidia-open-driver-G06-signed: Added config files needed to fix repackaging step required for securebooot signing kernel modules (bsc#1207520) Added config to omit nvidia modules in initrd (bsc#1173733) Added conflicts to nvidia-driver-G06-kmp package (bsc#1207495) kernel-firmware-nvidia-gsp-G06-525.105.17-150400.9.5.1.nosrc.rpm kernel-firmware-nvidia-gsp-G06-525.105.17-150400.9.5.1.x86_64.rpm nvidia-open-driver-G06-signed-525.105.17-150400.9.5.3.src.rpm nvidia-open-driver-G06-signed-kmp-default-525.105.17_k5.14.21_150400.24.55-150400.9.5.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1757 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for smartmontools fixes the following issues: - Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905) smartmontools-7.2-150300.8.8.1.src.rpm smartmontools-7.2-150300.8.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1915 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kexec-tools fixes the following issues: - kexec-bootloader: Add -a argument to load using kexec_load_file() when available (bsc#1202820). kexec-tools-2.0.20-150400.16.6.1.src.rpm kexec-tools-2.0.20-150400.16.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1957 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bcache-tools fixes the following issues: - Improve device recognition (bsc#1208425) bcache-tools-1.1-150400.8.3.1.src.rpm bcache-tools-1.1-150400.8.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1693 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). python-Werkzeug-1.0.1-150300.3.3.1.src.rpm python3-Werkzeug-1.0.1-150300.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1805 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. timezone-2023c-150000.75.23.1.src.rpm timezone-2023c-150000.75.23.1.x86_64.rpm timezone-java-2023c-150000.75.23.1.noarch.rpm timezone-java-2023c-150000.75.23.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1843 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for installation-images fixes the following issues: - Include openssl hmac for SUSE Linux Enterprise Micro (bsc#1208981) installation-images-SLES-16.57.26-150400.3.9.4.src.rpm tftpboot-installation-SLE-15-SP4-aarch64-16.57.26-150400.3.9.4.noarch.rpm tftpboot-installation-SLE-15-SP4-ppc64le-16.57.26-150400.3.9.4.noarch.rpm tftpboot-installation-SLE-15-SP4-s390x-16.57.26-150400.3.9.4.noarch.rpm tftpboot-installation-SLE-15-SP4-x86_64-16.57.26-150400.3.9.4.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1746 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). libopenssl-3-devel-3.0.1-150400.4.20.1.x86_64.rpm libopenssl3-3.0.1-150400.4.20.1.x86_64.rpm openssl-3-3.0.1-150400.4.20.1.src.rpm openssl-3-3.0.1-150400.4.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1745 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). libopenssl-1_1-devel-1.1.1l-150400.7.31.2.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.31.2.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.31.2.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.31.2.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.31.2.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.31.2.x86_64.rpm openssl-1_1-1.1.1l-150400.7.31.2.src.rpm openssl-1_1-1.1.1l-150400.7.31.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1735 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nvme-cli fixes the following issues: - Switch from quilt based to git based maintenance - Sanitize traddr and trsvcid avoid buffer overrun (bsc#1207435) - Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001) - Build documentation to be up to date - Fix build warning (git-fixes) - Improvements for supported-log-pages (bsc#1209550) - Fix read command (bsc#1209564) - Fix mounting filesystems via fstab (bsc#1208075) - Allow tracking unique discover controllers (bsc#1186689) libnvme-1.0+28.g0e21f3af122a-150400.3.18.1.src.rpm libnvme-devel-1.0+28.g0e21f3af122a-150400.3.18.1.x86_64.rpm libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1.x86_64.rpm nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1.src.rpm nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1.x86_64.rpm nvme-cli-bash-completion-2.0+30.g86f82c58cb97-150400.3.15.1.x86_64.rpm nvme-cli-zsh-completion-2.0+30.g86f82c58cb97-150400.3.15.1.x86_64.rpm python3-libnvme-1.0+28.g0e21f3af122a-150400.3.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1900 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libdnet fixes the following issues: - update to 1.16.3: IPv6 support fixed some potential buffer overflows libdnet-1.16.3-150400.3.3.1.src.rpm libdnet-devel-1.16.3-150400.3.3.1.x86_64.rpm libdnet1-1.16.3-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1917 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-online-update fixes the following issues: - Fix showing of release notes when we update a rubygem (bsc#1205913) yast2-online-update-4.4.5-150400.3.6.1.noarch.rpm yast2-online-update-4.4.5-150400.3.6.1.src.rpm yast2-online-update-frontend-4.4.5-150400.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1937 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for multipath-tools fixes the following issues: - libmultipath: avoid grouping paths wrongly with "find_multipaths smart" (bsc#1209623) - fix multipath-tools build with liburcu 0.14.0 - libmultipath: pathinfo: don't fail for devices lacking INQUIRY properties - libmpathpersist: use conf timeout for updating persistent reservations - libmultipath: check if device is in use (bsc#1203141) - libmultipath: orphan paths if coalesce_paths frees newmp (bsc#1207546) - multipathd: handle no active paths in update_map_pr (bsc#1207546) - multipathd: make pr registration consistent (bsc#1207546) - multipath.conf: improve documentation of dev_loss_tmo (bsc#1207546) - libmpathpersist: fix command keyword ordering (bsc#1207546, bsc#1209345) - libmultipath: fix 'show paths format' failure - Use "queue_mode bio" for NVMeoF/TCP devices - minor upstream bug fixes - man page fixes - hwtable fixes kpartx-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm libdmmp-devel-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm libdmmp0_2_0-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm libmpath0-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1.src.rpm multipath-tools-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm multipath-tools-devel-0.9.0+117+suse.78cc20b-150400.4.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1935 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for osinfo-db fixes the following issues: - Update to database version 20230308 - Add support for SLE Micro 5.4 - [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management (jsc#PED-2113) osinfo-db-20230308-150400.3.9.1.noarch.rpm osinfo-db-20230308-150400.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2040 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git0.e3c41e60892e * Added MemTotal detection for HwInfo * Make keepalive on SUMA systems exit without error (bsc#1207876) * Add deactivate API to ruby bindings (bsc#1202705) * Allow non-root users to use --version * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds libsuseconnect-1.1.0~git0.e3c41e60892e-150400.3.10.1.x86_64.rpm suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1.src.rpm suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1.x86_64.rpm suseconnect-ruby-bindings-1.1.0~git0.e3c41e60892e-150400.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2039 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20230320 (bsc#1209531) lshw-B.02.19.2+git.20230320-150200.3.15.4.src.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.x86_64.rpm lshw-lang-B.02.19.2+git.20230320-150200.3.15.4.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1963 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) grub2-2.06-150400.11.30.1.src.rpm grub2-2.06-150400.11.30.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.30.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.30.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.30.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.30.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2060 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). glib2-2.70.5-150400.3.8.1.src.rpm glib2-devel-2.70.5-150400.3.8.1.x86_64.rpm glib2-lang-2.70.5-150400.3.8.1.noarch.rpm glib2-tools-2.70.5-150400.3.8.1.x86_64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgmodule-2_0-0-32bit-2.70.5-150400.3.8.1.x86_64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgthread-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgio-2_0-0-32bit-2.70.5-150400.3.8.1.x86_64.rpm libglib-2_0-0-32bit-2.70.5-150400.3.8.1.x86_64.rpm libgobject-2_0-0-32bit-2.70.5-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1799 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ghostscript fixes the following issues: - CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). ghostscript-9.52-150000.164.1.src.rpm ghostscript-9.52-150000.164.1.x86_64.rpm ghostscript-devel-9.52-150000.164.1.x86_64.rpm ghostscript-x11-9.52-150000.164.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1897 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). kernel-default-5.14.21-150400.24.60.1.nosrc.rpm True kernel-default-5.14.21-150400.24.60.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.src.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.60.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.60.1.noarch.rpm True kernel-macros-5.14.21-150400.24.60.1.noarch.rpm True kernel-source-5.14.21-150400.24.60.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-1898 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). - Update further expiring certificates that affect tests (bsc#1210060) libopenssl-3-devel-3.0.1-150400.4.23.1.x86_64.rpm libopenssl3-3.0.1-150400.4.23.1.x86_64.rpm openssl-3-3.0.1-150400.4.23.1.src.rpm openssl-3-3.0.1-150400.4.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1911 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). libopenssl-1_1-devel-1.1.1l-150400.7.34.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.34.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.34.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.34.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.34.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.34.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.34.1.src.rpm openssl-1_1-1.1.1l-150400.7.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2245 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority libsolv-0.7.24-150400.3.6.4.src.rpm True libsolv-devel-0.7.24-150400.3.6.4.x86_64.rpm True libsolv-tools-0.7.24-150400.3.6.4.x86_64.rpm True libzypp-17.31.11-150400.3.25.2.src.rpm True libzypp-17.31.11-150400.3.25.2.x86_64.rpm True libzypp-devel-17.31.11-150400.3.25.2.x86_64.rpm True python3-solv-0.7.24-150400.3.6.4.x86_64.rpm True ruby-solv-0.7.24-150400.3.6.4.x86_64.rpm True zypper-1.14.60-150400.3.21.2.src.rpm True zypper-1.14.60-150400.3.21.2.x86_64.rpm True zypper-log-1.14.60-150400.3.21.2.noarch.rpm True zypper-needs-restarting-1.14.60-150400.3.21.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-1852 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for harfbuzz fixes the following issues: - CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). harfbuzz-3.4.0-150400.3.6.1.src.rpm harfbuzz-devel-3.4.0-150400.3.6.1.x86_64.rpm libharfbuzz-gobject0-3.4.0-150400.3.6.1.x86_64.rpm libharfbuzz-icu0-3.4.0-150400.3.6.1.x86_64.rpm libharfbuzz-subset0-3.4.0-150400.3.6.1.x86_64.rpm libharfbuzz0-3.4.0-150400.3.6.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1.x86_64.rpm libharfbuzz0-32bit-3.4.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1860 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wayland fixes the following issues: - CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm wayland-1.19.0-150400.3.3.1.src.rpm wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2028 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-users fixes the following issues: - Fix bug causing failures when creating new users (bsc#1209377) yast2-users-4.4.13-150400.3.9.1.src.rpm yast2-users-4.4.13-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1994 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). avahi-0.8-150400.7.3.1.src.rpm avahi-0.8-150400.7.3.1.x86_64.rpm avahi-compat-howl-devel-0.8-150400.7.3.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150400.7.3.1.x86_64.rpm avahi-glib2-0.8-150400.7.3.1.src.rpm avahi-lang-0.8-150400.7.3.1.noarch.rpm avahi-utils-0.8-150400.7.3.1.x86_64.rpm libavahi-client3-0.8-150400.7.3.1.x86_64.rpm libavahi-client3-32bit-0.8-150400.7.3.1.x86_64.rpm libavahi-common3-0.8-150400.7.3.1.x86_64.rpm libavahi-core7-0.8-150400.7.3.1.x86_64.rpm libavahi-devel-0.8-150400.7.3.1.x86_64.rpm libavahi-glib-devel-0.8-150400.7.3.1.x86_64.rpm libavahi-glib1-0.8-150400.7.3.1.x86_64.rpm libavahi-gobject0-0.8-150400.7.3.1.x86_64.rpm libavahi-libevent1-0.8-150400.7.3.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150400.7.3.1.x86_64.rpm libdns_sd-0.8-150400.7.3.1.x86_64.rpm libhowl0-0.8-150400.7.3.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150400.7.3.1.x86_64.rpm libavahi-common3-32bit-0.8-150400.7.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1931 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: - CVE-2023-1992: Fixed RPCoRDMA dissector crash (bsc#1210405). - CVE-2023-1993: Fixed LISP dissector large loop (bsc#1210404). - CVE-2023-1994: Fixed GQUIC dissector crash (bsc#1210403). Update to 3.6.13: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.13.html libwireshark15-3.6.13-150000.3.89.1.x86_64.rpm libwiretap12-3.6.13-150000.3.89.1.x86_64.rpm libwsutil13-3.6.13-150000.3.89.1.x86_64.rpm wireshark-3.6.13-150000.3.89.1.src.rpm wireshark-3.6.13-150000.3.89.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1946 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nvme-stas fixes the following issue: - Update to version 1.1.9 * Add _nvme-disc._udp to the list of mDNS service types * Fix RoCe and iwarp support (bsc#1207436) nvme-stas-1.1.9-150400.3.9.3.src.rpm nvme-stas-1.1.9-150400.3.9.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2084 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. shim-15.7-150300.4.16.1.src.rpm shim-15.7-150300.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1947 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). dmidecode-3.4-150400.16.8.1.src.rpm dmidecode-3.4-150400.16.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-1939 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) libfreebl3-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-32bit-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-32bit-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-hmac-32bit-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-3.79.4-150400.3.29.1.src.rpm mozilla-nss-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-32bit-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-devel-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-sysinit-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-hmac-32bit-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-certs-32bit-3.79.4-150400.3.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2216 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. python-packaging-21.3-150200.3.3.1.src.rpm python3-packaging-21.3-150200.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2066 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). login_defs-4.8.1-150400.10.6.1.noarch.rpm shadow-4.8.1-150400.10.6.1.src.rpm shadow-4.8.1-150400.10.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2239 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zram-generator fixes the following issues: - Fixed typo in the description (bsc#1200961) zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.src.rpm zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2192 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) python3-pip-20.0.2-150400.20.1.noarch.rpm python3-pip-20.0.2-150400.20.1.src.rpm python3-pip-wheel-20.0.2-150400.20.1.noarch.rpm python3-pip-wheel-20.0.2-150400.20.1.src.rpm python3-setuptools-44.1.1-150400.9.3.3.noarch.rpm python3-setuptools-44.1.1-150400.9.3.3.src.rpm python3-setuptools-test-44.1.1-150400.9.3.3.noarch.rpm python3-setuptools-test-44.1.1-150400.9.3.3.src.rpm python3-setuptools-wheel-44.1.1-150400.9.3.3.noarch.rpm python3-setuptools-wheel-44.1.1-150400.9.3.3.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2102 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for usbguard fixes the following issues: Update to 1.1.2 * Fixed - Polkit: Always allow getParameter/listDevices/listRules in active sessions - D-Bus: Send reply on auth failure - Polkit: Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed Update to 1.1.1 * Fixed/Changed - Use authentication instead of authentification - Restore support for access control filenames without a group - Enable dbus support (bsc#1196621, jsc#PED-3789). libusbguard1-1.1.2-150400.3.3.1.x86_64.rpm usbguard-1.1.2-150400.3.3.1.src.rpm usbguard-1.1.2-150400.3.3.1.x86_64.rpm usbguard-devel-1.1.2-150400.3.3.1.x86_64.rpm usbguard-tools-1.1.2-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2143 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) libprotobuf-c-devel-1.3.2-150200.3.3.1.x86_64.rpm libprotobuf-c1-1.3.2-150200.3.3.1.x86_64.rpm protobuf-c-1.3.2-150200.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2053 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). libxml2-2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2.9.14-150400.5.16.1.src.rpm libxml2-devel-2.9.14-150400.5.16.1.x86_64.rpm libxml2-python-2.9.14-150400.5.16.1.src.rpm libxml2-tools-2.9.14-150400.5.16.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2038 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). git-2.35.3-150300.10.27.1.src.rpm git-core-2.35.3-150300.10.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2065 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin Policy bypass. - CVE-2023-27954: Fixed sensitive user information tracking. - CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: - CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1.x86_64.rpm libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1.x86_64.rpm webkit2gtk3-soup2-2.38.6-150400.4.39.1.src.rpm webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2437 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hplip fixes the following issues: - Fix printer attribute handling which could provoke a buffer overflow if CUPS returned a printer with too large `name/location/uri/etc` (bsc#1209866) hplip-3.21.10-150400.3.8.1.src.rpm hplip-devel-3.21.10-150400.3.8.1.x86_64.rpm hplip-hpijs-3.21.10-150400.3.8.1.x86_64.rpm hplip-sane-3.21.10-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2438 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: - Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) - Add iwlwifi-*-72 ucode (bsc#1209681) - Update constraints for 8GB (bsc#1205811) kernel-firmware-20220509-150400.4.16.1.src.rpm True kernel-firmware-all-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.16.1.noarch.rpm True ucode-amd-20220509-150400.4.16.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2833 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of installation-images fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). installation-images-SLES-16.57.26-150400.3.11.9.src.rpm tftpboot-installation-SLE-15-SP4-aarch64-16.57.26-150400.3.11.9.noarch.rpm tftpboot-installation-SLE-15-SP4-ppc64le-16.57.26-150400.3.11.9.noarch.rpm tftpboot-installation-SLE-15-SP4-s390x-16.57.26-150400.3.11.9.noarch.rpm tftpboot-installation-SLE-15-SP4-x86_64-16.57.26-150400.3.11.9.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2161 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli: - Version update from 1.23.11 to 1.27.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333) * For the detailed list of changes please consult upstream changelog: https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst * Updated required dependencies python-botocore: - Version update from 1.25.11 to 1.29.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/botocore/blob/develop/CHANGELOG.rst * Updated required dependencies python-boto3: - Version update from 1.22.11 to 1.26.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/boto3/blob/develop/CHANGELOG.rst * Updated required dependencies - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures python-s3transfer: - Version update from 0.5.0 to 0.6.0 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * Dropped support for Python 3.6 * Added support for flexible checksum when uploading or downloading objects * Officially add Python 3.10 support - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures - Drop unused python-mock build dependency python-boto3-1.26.89-150200.23.12.1.src.rpm python-botocore-1.29.89-150200.37.14.1.src.rpm python-s3transfer-0.6.0-150200.9.7.1.src.rpm python3-boto3-1.26.89-150200.23.12.1.noarch.rpm python3-botocore-1.29.89-150200.37.14.1.noarch.rpm python3-s3transfer-0.6.0-150200.9.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2222 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: Upgrade to upsteam tag jdk-11.0.19+7 (April 2023 CPU): - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). java-11-openjdk-11.0.19.0-150000.3.96.1.src.rpm java-11-openjdk-11.0.19.0-150000.3.96.1.x86_64.rpm java-11-openjdk-demo-11.0.19.0-150000.3.96.1.x86_64.rpm java-11-openjdk-devel-11.0.19.0-150000.3.96.1.x86_64.rpm java-11-openjdk-headless-11.0.19.0-150000.3.96.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2110 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) Security fixes: - CVE-2023-21930: Fixed AES support (bsc#1210628). - CVE-2023-21937: Fixed String platform support (bsc#1210631). - CVE-2023-21938: Fixed runtime support (bsc#1210632). - CVE-2023-21939: Fixed Swing platform support (bsc#1210634). - CVE-2023-21954: Fixed object reclamation process (bsc#1210635). - CVE-2023-21967: Fixed TLS session negotiation (bsc#1210636). - CVE-2023-21968: Fixed path handling (bsc#1210637). Other fixes: - Fixed socket setTrafficClass not working for IPv4 connections when IPv6 is enabled (bsc#1209333). java-17-openjdk-17.0.7.0-150400.3.18.2.src.rpm java-17-openjdk-17.0.7.0-150400.3.18.2.x86_64.rpm java-17-openjdk-demo-17.0.7.0-150400.3.18.2.x86_64.rpm java-17-openjdk-devel-17.0.7.0-150400.3.18.2.x86_64.rpm java-17-openjdk-headless-17.0.7.0-150400.3.18.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2187 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add "isolated" metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats - Change build requirement to go1.18 or higher (previously this was fixed to version 1.14) golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2.src.rpm golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2240 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) libsystemd0-249.16-150400.8.28.3.x86_64.rpm libsystemd0-32bit-249.16-150400.8.28.3.x86_64.rpm libudev1-249.16-150400.8.28.3.x86_64.rpm libudev1-32bit-249.16-150400.8.28.3.x86_64.rpm systemd-249.16-150400.8.28.3.src.rpm systemd-249.16-150400.8.28.3.x86_64.rpm systemd-container-249.16-150400.8.28.3.x86_64.rpm systemd-coredump-249.16-150400.8.28.3.x86_64.rpm systemd-devel-249.16-150400.8.28.3.x86_64.rpm systemd-doc-249.16-150400.8.28.3.x86_64.rpm systemd-lang-249.16-150400.8.28.3.noarch.rpm systemd-sysvinit-249.16-150400.8.28.3.x86_64.rpm udev-249.16-150400.8.28.3.x86_64.rpm systemd-32bit-249.16-150400.8.28.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2103 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). vim-9.0.1443-150000.5.40.1.src.rpm vim-9.0.1443-150000.5.40.1.x86_64.rpm vim-data-9.0.1443-150000.5.40.1.noarch.rpm vim-data-common-9.0.1443-150000.5.40.1.noarch.rpm vim-small-9.0.1443-150000.5.40.1.x86_64.rpm xxd-9.0.1443-150000.5.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2111 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). libncurses6-6.1-150000.5.15.1.x86_64.rpm ncurses-6.1-150000.5.15.1.src.rpm ncurses-devel-6.1-150000.5.15.1.x86_64.rpm ncurses-utils-6.1-150000.5.15.1.x86_64.rpm tack-6.1-150000.5.15.1.x86_64.rpm terminfo-6.1-150000.5.15.1.x86_64.rpm terminfo-base-6.1-150000.5.15.1.x86_64.rpm terminfo-iterm-6.1-150000.5.15.1.x86_64.rpm terminfo-screen-6.1-150000.5.15.1.x86_64.rpm libncurses6-32bit-6.1-150000.5.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2197 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for issue-generator fixes the following issues: - Update to version 1.13 - SELinux: Do not call agetty --reload (bsc#1186178) - Update manual page - Use python3 instead of python 2.x - Don't display issue.d/*.issue files, agetty will do that (bsc#1177891) - Ignore /run/issue.d in issue-generator.path, else issue-generator will be called too fast too often (bsc#1177865) - Ignore *.bak, *~ and *.rpm* files (bsc#1118862) - Display wlan interfaces (bsc#1169070) - Handle network interface renames issue-generator-1.13-150100.3.3.1.noarch.rpm issue-generator-1.13-150100.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2131 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). openssh-8.4p1-150300.3.18.2.src.rpm openssh-8.4p1-150300.3.18.2.x86_64.rpm openssh-clients-8.4p1-150300.3.18.2.x86_64.rpm openssh-common-8.4p1-150300.3.18.2.x86_64.rpm openssh-fips-8.4p1-150300.3.18.2.x86_64.rpm openssh-helpers-8.4p1-150300.3.18.2.x86_64.rpm openssh-server-8.4p1-150300.3.18.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2354 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-transfer fixes the following issues - Fixed TFTP download, truncate the target file to avoid garbage at the end of the file when saving to an already existing file (bsc#1208754) yast2-transfer-4.4.2-150400.3.3.2.src.rpm yast2-transfer-4.4.2-150400.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2760 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dnsdist fixes the following issues: - update to 1.8.0 - Implements dnsdist in SLE15 (jsc#PED-3402) - Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511) - update to 1.2.0 (bsc#1054799, bsc#1054802) This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a denial of service on 32-bit if a backend sends crafted answers, and the second to an alteration of dnsdist’s ACL if the API is enabled, writable and an authenticated user is tricked into visiting a crafted website. dnsdist-1.8.0-150400.9.3.1.src.rpm dnsdist-1.8.0-150400.9.3.1.x86_64.rpm libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1.x86_64.rpm luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2155 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-rpm-macros fixes the following issues: - Update to version 20230304.050c1a4 (bsc#1209881, bsc#1209353) python-rpm-generators-20230304.050c1a4-150400.3.6.1.noarch.rpm python-rpm-macros-20230304.050c1a4-150400.3.6.1.noarch.rpm python-rpm-macros-20230304.050c1a4-150400.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2317 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) libblkid-devel-2.37.2-150400.8.17.1.x86_64.rpm libblkid-devel-static-2.37.2-150400.8.17.1.x86_64.rpm libblkid1-2.37.2-150400.8.17.1.x86_64.rpm libfdisk-devel-2.37.2-150400.8.17.1.x86_64.rpm libfdisk1-2.37.2-150400.8.17.1.x86_64.rpm libmount-devel-2.37.2-150400.8.17.1.x86_64.rpm libmount1-2.37.2-150400.8.17.1.x86_64.rpm libsmartcols-devel-2.37.2-150400.8.17.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.17.1.x86_64.rpm libuuid-devel-2.37.2-150400.8.17.1.x86_64.rpm libuuid-devel-static-2.37.2-150400.8.17.1.x86_64.rpm libuuid1-2.37.2-150400.8.17.1.x86_64.rpm util-linux-2.37.2-150400.8.17.1.src.rpm util-linux-2.37.2-150400.8.17.1.x86_64.rpm util-linux-lang-2.37.2-150400.8.17.1.noarch.rpm util-linux-systemd-2.37.2-150400.8.17.1.src.rpm util-linux-systemd-2.37.2-150400.8.17.1.x86_64.rpm libblkid1-32bit-2.37.2-150400.8.17.1.x86_64.rpm libmount1-32bit-2.37.2-150400.8.17.1.x86_64.rpm libuuid1-32bit-2.37.2-150400.8.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2104 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) libprocps7-3.3.15-150000.7.31.1.x86_64.rpm procps-3.3.15-150000.7.31.1.src.rpm procps-3.3.15-150000.7.31.1.x86_64.rpm procps-devel-3.3.15-150000.7.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2299 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issues: - Fixes for mdmon to ensure it runs at the right time in the fight mount namespace, this fixes various problems with IMSM raid arrays (bsc#1205493, bsc#1205830) mdadm-4.1-150300.24.27.1.src.rpm mdadm-4.1-150300.24.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2159 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - Update to 12.2.0 (bsc#1209128) - Build the containerinfo plugin for TW/SLES15-SP5 and newer.(jsc#PED-1344) libvmtools-devel-12.2.0-150300.26.1.x86_64.rpm libvmtools0-12.2.0-150300.26.1.x86_64.rpm open-vm-tools-12.2.0-150300.26.1.src.rpm open-vm-tools-12.2.0-150300.26.1.x86_64.rpm open-vm-tools-salt-minion-12.2.0-150300.26.1.x86_64.rpm open-vm-tools-sdmp-12.2.0-150300.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2149 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tigervnc fixes the following issues: - Drop chown vnc:vnc calls in with-vnc-key.sh (bsc#1209283) - Add TLSNone to -securitytypes to increase security in xvnc@.service (bsc#1209283) libXvnc1-1.10.1-150400.7.8.1.x86_64.rpm tigervnc-1.10.1-150400.7.8.1.src.rpm tigervnc-1.10.1-150400.7.8.1.x86_64.rpm xorg-x11-Xvnc-1.10.1-150400.7.8.1.x86_64.rpm xorg-x11-Xvnc-module-1.10.1-150400.7.8.1.x86_64.rpm xorg-x11-Xvnc-novnc-1.10.1-150400.7.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3413 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for LibreOffice and xmlsec1 fixes the following issue: libreoffice: - Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549): * For the highlights of changes of version 7.5 please consult the official release notes: https://wiki.documentfoundation.org/ReleaseNotes/7.5 * Security issues fixed: + CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242) + CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746) * Bug fixes: + Fix PPTX shadow effect for table offset (bsc#1204040) + Fix ability to set the default tab size for each text object (bsc#1198666) + Fix PPTX extra vertical space between different text formats (bsc#1200085) + Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687) * Updated bundled dependencies: * boost version update from 1_77_0 to 1_80_0 * curl version update from 7.83.1 to 8.0.1 * gpgme version update from 1.16.0 to 1.18.0 * icu4c-data version update from 70_1 to 72_1 * icu4c version update from 70_1 to 72_1 * pdfium version update from 4699 to 5408 * poppler version update from 21.11.0 to 22.12.0 xmlsec1: - Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550): * Retired the XMLSec mailing list "xmlsec@aleksey.com" and the XMLSec Online Signature Verifier. * Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled against OpenSSL 3.0. To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag (there will be a lot of deprecation warnings). * The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of XMLSec Library. * Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic` flags on CI builds. * Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility). * Support for OpenSSL compiled with OPENSSL_NO_ERR. * Full support for LibreSSL 3.5.0 and above * Several other small fixes * Fix decrypting session key for two recipients * Added `--privkey-openssl-engine` option to enhance openssl engine support * Remove MD5 for NSS 3.59 and above * Fix PKCS12_parse return code handling * Fix OpenSSL lookup * xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice * Unload error strings in OpenSSL shutdown. * Make userData available when executing preExecCallback function * Add an option to use secure memset. * Enabled XML_PARSE_HUGE for all xml parsers. * Various build and tests fixes and improvements. * Move remaining private header files away from xmlsec/include/`` folder - Other packaging changes: * Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass. * Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1] https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1 libxmlsec1-1-1.2.37-150400.14.3.4.x86_64.rpm libxmlsec1-gcrypt1-1.2.37-150400.14.3.4.x86_64.rpm libxmlsec1-gnutls1-1.2.37-150400.14.3.4.x86_64.rpm libxmlsec1-nss1-1.2.37-150400.14.3.4.x86_64.rpm libxmlsec1-openssl1-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-1.2.37-150400.14.3.4.src.rpm xmlsec1-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-devel-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-gcrypt-devel-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-gnutls-devel-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-nss-devel-1.2.37-150400.14.3.4.x86_64.rpm xmlsec1-openssl-devel-1.2.37-150400.14.3.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2132 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwloc fixes the following issue: - Added fix to avoid crash of slurmctld when using pmix (bsc#1210227) hwloc-2.5.0-150400.3.3.1.src.rpm hwloc-data-2.5.0-150400.3.3.1.noarch.rpm libhwloc15-2.5.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2193 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for snapper fixes the following issues: - avoid stale btrfs qgroups on transactional systems (bsc#1210151) - wait for existing btrfs quota rescans to finish (bsc#1210150) libsnapper-devel-0.8.16-150300.3.3.1.x86_64.rpm libsnapper5-0.8.16-150300.3.3.1.x86_64.rpm pam_snapper-0.8.16-150300.3.3.1.x86_64.rpm snapper-0.8.16-150300.3.3.1.src.rpm snapper-0.8.16-150300.3.3.1.x86_64.rpm snapper-zypp-plugin-0.8.16-150300.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2918 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements libassuan-2.5.5-150000.4.5.2.src.rpm libassuan-devel-2.5.5-150000.4.5.2.x86_64.rpm libassuan0-2.5.5-150000.4.5.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2140 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). - Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in "assigned-clocks" property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) kernel-default-5.14.21-150400.24.63.1.nosrc.rpm True kernel-default-5.14.21-150400.24.63.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.src.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.63.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.63.1.noarch.rpm True kernel-macros-5.14.21-150400.24.63.1.noarch.rpm True kernel-source-5.14.21-150400.24.63.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2217 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for strongswan fixes the following issues: - Allow to use ipsec interface by default instead of swanctl (bsc#1184144) - Fix crash when swanctl command gets stuck intermittently (bsc#1207489) - Modified README file to reflect rcipsec usage strongswan-5.8.2-150400.19.11.1.src.rpm strongswan-5.8.2-150400.19.11.1.x86_64.rpm strongswan-doc-5.8.2-150400.19.11.1.noarch.rpm strongswan-hmac-5.8.2-150400.19.11.1.x86_64.rpm strongswan-ipsec-5.8.2-150400.19.11.1.x86_64.rpm strongswan-libs0-5.8.2-150400.19.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2133 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) libminizip1-1.2.11-150000.3.42.1.x86_64.rpm libz1-1.2.11-150000.3.42.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.42.1.x86_64.rpm minizip-devel-1.2.11-150000.3.42.1.x86_64.rpm zlib-1.2.11-150000.3.42.1.src.rpm zlib-devel-1.2.11-150000.3.42.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.42.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2341 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) libsigc++2-2.10.7-150400.3.3.1.src.rpm libsigc++2-devel-2.10.7-150400.3.3.1.x86_64.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2224 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). curl-8.0.1-150400.5.23.1.src.rpm curl-8.0.1-150400.5.23.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-8.0.1-150400.5.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2188 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for autofs fixes the following issues: - Fix off-by-one error in recursive map handling (bsc#1209653) autofs-5.1.3-150000.7.14.1.src.rpm autofs-5.1.3-150000.7.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2135 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). libfastjson-0.99.9-150400.3.3.1.src.rpm libfastjson-devel-0.99.9-150400.3.3.1.x86_64.rpm libfastjson4-0.99.9-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2667 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: - Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. - Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. - Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] bind-9.16.42-150400.5.27.1.src.rpm bind-utils-9.16.42-150400.5.27.1.x86_64.rpm python3-bind-9.16.42-150400.5.27.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2301 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cosign fixes the following issues: cosign was updated to 2.0.1 (jsc#SLE-23879) - Enhancements - Add environment variable token provider (#2864) - Remove cosign policy command (#2846) - Allow customising 'go' executable with GOEXE var (#2841) - Consistent tlog warnings during verification (#2840) - Add riscv64 arch (#2821) - Default generated PEM labels to SIGSTORE (#2735) - Update privacy statement and confirmation (#2797) - Add exit codes for verify errors (#2766) - Add Buildkite provider (#2779) - verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746) - Bug Fixes - PKCS11 sessions are now opened read only (#2853) - Makefile: date format of log should not show signatures (#2835) - Add missing flags to cosign verify dockerfile/manifest (#2830) - Add a warning to remember how to configure a custom Gitlab host (#2816) - Remove tag warning message from save/copy commands (#2799) - Mark keyless pem files with b64 (#2671) - build against a maintained golang version (upstream uses go1.20) cosign was updated to 2.0.0 (jsc#SLE-23879) - Breaking Changes: - insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620) - Deprecate --certificate-email flag. Make --certificate-identity and -… (#2411) - Enhancements: - Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544) - Allow users to pass in a path for the --identity-token flag (#2538) - Breaking change: Respect tlog-upload=false, default to true (#2505) - Support outputing a certificate without uploading to the tlog (#2506) - Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464) - respect tlog-upload flag with TSA (#2474) - Better feedback if specifying incompatible argument on cosign sign --attachment (#2449) - Support TSA and Rekor verifications (#2463) - add support for tsa signing and verification of images (#2460) - cosign policy sign: remove experimental flag and make keyless signing default (#2459) - Remove experimental mode from cosign attest and verify-attestation (#2458) - Remove experimental mode from sign-blob and verify-blob (#2457) - Add --offline flag to force offline verification (#2427) - Air gap support (#2299) - Breaking change: Change SCT verification behavior to default to enforcement (#2400) - Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399) - Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397) - Remove experimental flag from cosign sign and cosign verify (#2387) - verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362) - Add warning to use digest instead of tags to other cosign commands (#2650) - Fix up UI messages (#2629) - Remove hardcoded Fulcio from output (#2621) - Fix missing privacy statement, print in multiple locations (#2622) - feat: allows custom key names for import-key-pair (#2587) - feat: support keyless verification for verify-blob-attestation (#2525) - attest-blob: add functionality for keyless signing (#2515) - Rego: add support for custom error/warning messages when evaluating rego rules (#2577) - feat: add debug information to cert validation error (#2579) - Support non-Sigstore TSA requests (#2708) - Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag (#2684) - Output certificate in bundle when entry is not uploaded to Rekor (#2715) - attach signature and attach sbom must use STDIN to upload raw string (#2637) - add generate-key-pair GitHub Enterprise server support (#2676) - add in format string for warning (#2699) - Support for fetching Fulcio certs with self-managed key (#2532) - 2476 predicate type download (#2484) - Bug Fixes: - Fix the file existence check. (#2552) - Fix timestamp verification, add verify-blob tests (#2527) - Fix(verify): Consolidate certificate expiry logic (#2504) - Updates to Timestamp signing and verification (#2499) - Fix: removes attestation payload from attest-blob's output & no base64 encoding (#2498) - Fix path for e2e-tests badge (#2490) - Fix spdx json media type (#2479) - Fix sct verificaction (#2426) - Fix: panic with unsigned local image (#2656) - Make sure a cert passed in via --cert matches the bundle cert (#2652) - Fix: fix github oidc post submit test (#2594) - Fix: add enhanced error messages for failing verification with TUF targets (#2589) - Fix: Add missing schemes to cosign predicate types. (#2717) - Fix: Drop the CosignPredicate wrapper around SBOM attestations. (#2718) - Fix prompts with Windows line endings (#2674) cosing was update to 1.13.1: - verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341) - Nits for #2337 (#2342) - Add verify-blob-attestation command and tests (#2337) - Update warning when users sign images by tag. (#2313) - Remove experimental flags from attest-blob and refactor (#2338) - Add --output-attestation flag to attest-blob and remove experimental signing (#2332) - Add attest-blob command (#2286) - Add '--cert-identity' flag to support subject alternate names for ver… (#2278) - Update Dockerfile section of README (#2323) - Fix option description: "sign" --> "verify" (#2306) cosign was updated to 1.13.0: - feat: use stdin as an input for predicate by @developer-guy in https://github.com/sigstore/cosign/pull/2269 - feat: improve the verification message by @developer-guy in https://github.com/sigstore/cosign/pull/2268 - use scaffolding 0.4.8 for tests. by @vaikas in https://github.com/sigstore/cosign/pull/2280 - fix pivtool generate key touch policy by @cpanato in https://github.com/sigstore/cosign/pull/2282 - Check error on chain verification failure by @haydentherapper in https://github.com/sigstore/cosign/pull/2284 - Fix: Remove an extra registry request from verification path. by @mattmoor in https://github.com/sigstore/cosign/pull/2285 - Fix: Create a static copy of signatures as part of verification. by @mattmoor in https://github.com/sigstore/cosign/pull/2287 - Data race in FetchSignaturesForReference by @RTann in https://github.com/sigstore/cosign/pull/2283 - Add support for Fulcio username identity in SAN by @haydentherapper in https://github.com/sigstore/cosign/pull/2291 - fix: make tlog entry lookups for online verification shard-aware by @asraa in https://github.com/sigstore/cosign/pull/2297 - Better help text to sign and verify SBOM by @ChristianCiach in https://github.com/sigstore/cosign/pull/2308 - Adding warning to pin to digest by @ChaosInTheCRD in https://github.com/sigstore/cosign/pull/2311 - Add annotations for upload blob. by @cldmnky in https://github.com/sigstore/cosign/pull/2188 - replace deprecate package by @cpanato in https://github.com/sigstore/cosign/pull/2314 - update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in https://github.com/sigstore/cosign/pull/2315 cosign was updated to 1.12.1: - fix: Pulls Fulcio root and intermediate when --certificate-chain is not passed into verify-blob command. The v1.12.0 release introduced a regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would check a --certificate (without a --certificate-chain provided) against the operating system root CA bundle. In this release, Cosign checks the certificate against Fulcio's CA root instead (restoring the earlier behavior). - fix: fix cert chain validation for verify-blob in non-experimental mode - fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba - Fix BYO-root with intermediate to fetch intermediates from annotation - fix: fixing breaking changes in rekor v1.12.0 upgrade cosign-2.0.1-150400.3.9.1.src.rpm cosign-2.0.1-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2180 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of skopeo fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). skopeo-0.1.41-150000.4.16.1.src.rpm skopeo-0.1.41-150000.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2761 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. libjansson-2.14-150000.3.3.1.src.rpm libjansson-devel-2.14-150000.3.3.1.x86_64.rpm libjansson4-2.14-150000.3.3.1.x86_64.rpm libjansson4-32bit-2.14-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2273 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). geoipupdate-4.2.2-150000.1.10.1.src.rpm geoipupdate-4.2.2-150000.1.10.1.x86_64.rpm geoipupdate-legacy-4.2.2-150000.1.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2585 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) python-pyzmq-17.1.2-150000.3.5.2.src.rpm True python3-pyzmq-17.1.2-150000.3.5.2.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2571 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) python-jmespath-0.9.3-150000.3.3.4.src.rpm True python-ply-3.10-150000.3.3.4.src.rpm True python-simplejson-3.17.2-150300.3.2.3.src.rpm True python3-jmespath-0.9.3-150000.3.3.4.noarch.rpm True python3-ply-3.10-150000.3.3.4.noarch.rpm True python3-salt-3006.0-150400.8.34.2.x86_64.rpm True python3-simplejson-3.17.2-150300.3.2.3.x86_64.rpm True salt-3006.0-150400.8.34.2.src.rpm True salt-3006.0-150400.8.34.2.x86_64.rpm True salt-bash-completion-3006.0-150400.8.34.2.noarch.rpm True salt-doc-3006.0-150400.8.34.2.x86_64.rpm True salt-minion-3006.0-150400.8.34.2.x86_64.rpm True salt-zsh-completion-3006.0-150400.8.34.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2207 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). libpq5-15.3-150200.5.9.1.x86_64.rpm postgresql15-15.3-150200.5.9.1.src.rpm postgresql15-15.3-150200.5.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2205 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). postgresql14-14.8-150200.5.26.1.src.rpm postgresql14-14.8-150200.5.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2210 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rekor fixes the following issues: Updated to version 1.1.1 (jsc#SLE-23476): Functional Enhancements - Refactor Trillian client with exported methods (#1454) - Switch to official redis-go client (#1459) - Remove replace in go.mod (#1444) - Add Rekor OID info. (#1390) Quality Enhancements - remove legacy encrypted cosign key (#1446) - swap cjson dependency (#1441) - Update release readme (#1456) Security fixes: - CVE-2023-30551: Fixed a potential denial of service when processing JAR META-INF files or .SIGN/.PKINFO files in APK files (bsc#1211210). - updated to rekor 1.1.0 (jsc#SLE-23476): Functional Enhancements - improve validation on intoto v0.0.2 type (#1351) - add feature to limit HTTP request body length to process (#1334) - add information about the file size limit (#1313) - Add script to backfill Redis from Rekor (#1163) - Feature: add search support for sha512 (#1142) Quality Enhancements - various fuzzing fixes Bug Fixes - remove goroutine usage from SearchLogQuery (#1407) - drop log messages regarding attestation storage to debug (#1408) - fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309) - fix: fix regex for multi-digit counts (#1321) - return NotFound if treesize is 0 rather than calling trillian (#1311) - enumerate slice to get sugared logs (#1312) - put a reasonable size limit on ssh key reader (#1288) - CLIENT: Fix Custom Host and Path Issue (#1306) - do not persist local state if log is empty; fail consistency proofs from 0 size (#1290) - correctly handle invalid or missing pki format (#1281) - Add Verifier to get public key/cert and identities for entry type (#1210) - fix goroutine leak in client; add insecure TLS option (#1238) - Fix - Remove the force-recreate flag (#1179) - trim whitespace around public keys before parsing (#1175) - stop inserting envelope hash for intoto:0.0.2 types into index (#1171) - Revert "remove double encoding of payload and signature fields for intoto (#1150)" (#1158) - remove double encoding of payload and signature fields for intoto (#1150) - fix SearchLogQuery behavior to conform to openapi spec (#1145) - Remove pem-certificate-chain from client (#1138) - fix flag type for operator in search (#1136) - use sigstore/community dep review (#1132) rekor-1.1.1-150400.4.9.1.src.rpm rekor-1.1.1-150400.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2236 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-looseversion fixes the following issues: - Provide python-looseversion version 1.0.2 as new Salt 3006 dependency. (jsc#PED-4360) python-looseversion-1.0.2-150100.3.3.1.src.rpm python3-looseversion-1.0.2-150100.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2237 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) vim-9.0.1443-150000.5.43.1.src.rpm vim-9.0.1443-150000.5.43.1.x86_64.rpm vim-data-9.0.1443-150000.5.43.1.noarch.rpm vim-data-common-9.0.1443-150000.5.43.1.noarch.rpm vim-small-9.0.1443-150000.5.43.1.x86_64.rpm xxd-9.0.1443-150000.5.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2262 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nftables fixes the following issue: - A crash in nftables if layer2 reject rules are processed (bsc#1210773). libnftables1-0.9.8-150300.3.6.1.x86_64.rpm nftables-0.9.8-150300.3.6.1.src.rpm nftables-0.9.8-150300.3.6.1.x86_64.rpm python3-nftables-0.9.8-150300.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2263 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). python-Flask-1.0.4-150400.3.3.1.src.rpm python3-Flask-1.0.4-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2233 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups-filters fixes the following issues: - CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340). cups-filters-1.25.0-150200.3.6.1.src.rpm cups-filters-1.25.0-150200.3.6.1.x86_64.rpm cups-filters-devel-1.25.0-150200.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2279 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) dracut-055+suse.342.g2e6dce8e-150400.3.22.1.src.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-ima-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2284 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for texlive fixes the following issues: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389). perl-biber-2021.20210325.svn30357-150400.31.3.1.noarch.rpm texlive-2021.20210325-150400.31.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2340 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather than 127 (SG#65673, bsc#1210392) - Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically - Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259) java-17-openjdk-17.0.7.0-150400.3.21.1.src.rpm java-17-openjdk-17.0.7.0-150400.3.21.1.x86_64.rpm java-17-openjdk-demo-17.0.7.0-150400.3.21.1.x86_64.rpm java-17-openjdk-devel-17.0.7.0-150400.3.21.1.x86_64.rpm java-17-openjdk-headless-17.0.7.0-150400.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2243 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ucode-intel-20230512-150200.24.1.src.rpm True ucode-intel-20230512-150200.24.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2276 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) grub2-2.06-150400.11.33.1.src.rpm grub2-2.06-150400.11.33.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.33.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.33.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.33.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.33.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2293 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mercurial fixes the following issues: - Fix unexprted abort at cloning a repo (bsc#1210707) mercurial-5.9.1-150400.3.3.1.src.rpm mercurial-5.9.1-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2307 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) kbd-2.4.0-150400.5.6.1.src.rpm kbd-2.4.0-150400.5.6.1.x86_64.rpm kbd-legacy-2.4.0-150400.5.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2649 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwdata fixes the following issues: - update to 0.371: hwdata-0.371-150000.3.62.1.noarch.rpm hwdata-0.371-150000.3.62.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2482 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) systemd-rpm-macros-13-150000.7.33.1.noarch.rpm systemd-rpm-macros-13-150000.7.33.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2333 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) libminizip1-1.2.11-150000.3.45.1.x86_64.rpm libz1-1.2.11-150000.3.45.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.45.1.x86_64.rpm minizip-devel-1.2.11-150000.3.45.1.x86_64.rpm zlib-1.2.11-150000.3.45.1.src.rpm zlib-devel-1.2.11-150000.3.45.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.45.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2494 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-network fixes the following issues: - Fix wicked failing with wpa-enterprise (bsc#1211026) - Update to 4.4.57 yast2-network-4.4.57-150400.3.21.1.noarch.rpm yast2-network-4.4.57-150400.3.21.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2625 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 gcc12-12.3.0+git1204-150000.1.10.1.src.rpm libasan8-12.3.0+git1204-150000.1.10.1.x86_64.rpm libasan8-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libatomic1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libatomic1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgfortran5-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgfortran5-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgomp1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgomp1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libitm1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libitm1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm liblsan0-12.3.0+git1204-150000.1.10.1.x86_64.rpm libobjc4-12.3.0+git1204-150000.1.10.1.x86_64.rpm libobjc4-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libquadmath0-12.3.0+git1204-150000.1.10.1.x86_64.rpm libquadmath0-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-locale-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-pp-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libtsan2-12.3.0+git1204-150000.1.10.1.x86_64.rpm libubsan1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libubsan1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2366 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches xen-4.16.4_02-150400.4.28.1.src.rpm xen-libs-4.16.4_02-150400.4.28.1.x86_64.rpm xen-tools-domU-4.16.4_02-150400.4.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2313 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support c-ares-1.19.1-150000.3.23.1.src.rpm c-ares-devel-1.19.1-150000.3.23.1.x86_64.rpm libcares2-1.19.1-150000.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3316 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for jakarta-commons-discovery fixes the following issues: - Version update from 0.4 to 0.5 (jsc#SLE-23217): * The minimum JDK requirement is now JDK 1.5 * Dependencies: Commons Discovery depends on Commons Logging * New features: Discovery APIs use Java5 Generics * Known bugs/limitations: `resource.classes.DiscoverClasses` doesn't work with Oracle embedded JVM in DBMS, see DISCOVERY-13: https://issues.apache.org/jira/browse/DISCOVERY-13 * Deprecations: + Classes in `org.apache.commons.discovery.log` package have been deprecated; depending on Apache Commons Logging 1.1.1 there is no more circular dependency between Apache Commons Discovery and Apache Commons Logging + `setLog(org.apache.commons.logging.Log)` methods have been deprecated; they are not thread-safe jakarta-commons-discovery-0.5-150000.4.11.1.noarch.rpm jakarta-commons-discovery-0.5-150000.4.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3577 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for crypto-policies fixes the following issues: - Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998) crypto-policies-20210917.c9d86d1-150400.3.3.1.noarch.rpm crypto-policies-20210917.c9d86d1-150400.3.3.1.src.rpm crypto-policies-scripts-20210917.c9d86d1-150400.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2347 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). cups-2.2.7-150000.3.43.1.src.rpm cups-2.2.7-150000.3.43.1.x86_64.rpm cups-client-2.2.7-150000.3.43.1.x86_64.rpm cups-config-2.2.7-150000.3.43.1.x86_64.rpm cups-devel-2.2.7-150000.3.43.1.x86_64.rpm libcups2-2.2.7-150000.3.43.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.43.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.43.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.43.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3150 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gsp-G06,nvidia-open-driver-G06-signed fixes the following issues: nvidia-open-driver-G06-signed and kernel-firmware-nvidia-gsp-G06 were updated to version 535.86.05. kernel-firmware-nvidia-gspx-G06-535.86.05-150400.9.3.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.86.05-150400.9.3.1.x86_64.rpm nvidia-open-driver-G06-signed-535.86.05-150400.9.14.1.src.rpm nvidia-open-driver-G06-signed-kmp-default-535.86.05_k5.14.21_150400.24.69-150400.9.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2334 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). libtiff-devel-4.0.9-150000.45.28.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.28.1.x86_64.rpm libtiff5-4.0.9-150000.45.28.1.x86_64.rpm tiff-4.0.9-150000.45.28.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2912 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for linux-glibc-devel fixes the following issues: - Add linux/sev-guest.h (bsc#1211096) linux-glibc-devel-5.14-150400.6.6.1.src.rpm linux-glibc-devel-5.14-150400.6.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2342 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). libopenssl-1_1-devel-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.37.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.37.1.src.rpm openssl-1_1-1.1.1l-150400.7.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2320 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Updated to version 3.6.14: - CVE-2023-2855: Fixed a crash in the Candump log file parser (boo#1211703). - CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser (boo#1211707). - CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705). - CVE-2023-2858: Fixed a crash in the NetScaler file parser (boo#1211706). - CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor dissector (boo#1211710). - CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793). Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html libwireshark15-3.6.14-150000.3.92.1.x86_64.rpm libwiretap12-3.6.14-150000.3.92.1.x86_64.rpm libwsutil13-3.6.14-150000.3.92.1.x86_64.rpm wireshark-3.6.14-150000.3.92.1.src.rpm wireshark-3.6.14-150000.3.92.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2363 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Fix GC in Python binding (bsc#1209905 bsc#1209131) - Fix crash when printing json output for supported log pages (bsc#1209550) - Add coverity reported fixes (bsc#1209669) - Update host_traddr when using config.json file (bsc#1210089) - Fix compiler warning (git-fixes) - Fix condition in autoconnect service (bsc#1210105) - Set version-tag so that version are correctly reported libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1.src.rpm libnvme-devel-1.0+32.gb30ab4c96c2d-150400.3.21.1.x86_64.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.x86_64.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.src.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.x86_64.rpm nvme-cli-bash-completion-2.0+40.gd857ed9befd6-150400.3.18.1.x86_64.rpm nvme-cli-zsh-completion-2.0+40.gd857ed9befd6-150400.3.18.1.x86_64.rpm python3-libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2657 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcontainers-common fixes the following issues: - New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) - Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet - Remove container-storage-driver.sh to default to the overlay driver instead of btrfs libcontainers-common-20230214-150400.3.8.1.noarch.rpm libcontainers-common-20230214-150400.3.8.1.src.rpm libcontainers-sles-mounts-20230214-150400.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2484 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). libldap-2_4-2-2.4.46-150200.14.14.1.x86_64.rpm libldap-data-2.4.46-150200.14.14.1.noarch.rpm openldap2-2.4.46-150200.14.14.1.src.rpm openldap2-client-2.4.46-150200.14.14.1.x86_64.rpm openldap2-devel-2.4.46-150200.14.14.1.x86_64.rpm openldap2-devel-static-2.4.46-150200.14.14.1.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150200.14.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2885 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) glibc-2.31-150300.52.2.src.rpm glibc-2.31-150300.52.2.x86_64.rpm glibc-devel-2.31-150300.52.2.x86_64.rpm glibc-extra-2.31-150300.52.2.x86_64.rpm glibc-i18ndata-2.31-150300.52.2.noarch.rpm glibc-info-2.31-150300.52.2.noarch.rpm glibc-lang-2.31-150300.52.2.noarch.rpm glibc-locale-2.31-150300.52.2.x86_64.rpm glibc-locale-base-2.31-150300.52.2.x86_64.rpm glibc-locale-base-32bit-2.31-150300.52.2.x86_64.rpm glibc-profile-2.31-150300.52.2.x86_64.rpm nscd-2.31-150300.52.2.x86_64.rpm glibc-32bit-2.31-150300.52.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2356 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: - Fixed a potential crash during driver cleanup (bsc#1209861). - Added Apparmor support for SUSE edk2 firmware paths (boo#1208567). - Fixed lxc container initialization with systemd and hybrid groups (boo#1183247). - Added the option to specify the virtual CPU address size in bits for qemu (bsc#1199583). libvirt-8.0.0-150400.7.6.1.src.rpm libvirt-libs-8.0.0-150400.7.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2599 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 Initial release of bpftool: - Initial release (jsc#PED-3924) bpftool allows for inspection and simple modification of BPF objects on the system. bpftool-5.14.21-150400.9.4.1.src.rpm bpftool-5.14.21-150400.9.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2470 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - Update to version 3.0.8 (bsc#1207541). - CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents in Diffie-Hellman Key Agreement Protocol (bsc#1205476). - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). libopenssl-3-devel-3.0.8-150400.4.26.1.x86_64.rpm libopenssl3-3.0.8-150400.4.26.1.x86_64.rpm openssl-3-3.0.8-150400.4.26.1.src.rpm openssl-3-3.0.8-150400.4.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2515 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rekor fixes the following issues: - updated to rekor 1.2.1 (jsc#SLE-23476): - CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790). rekor-1.2.1-150400.4.12.1.src.rpm rekor-1.2.1-150400.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2648 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). libopenssl-1_1-devel-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.42.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.42.1.src.rpm openssl-1_1-1.1.1l-150400.7.42.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2467 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed a double free (bsc#1210212). libwebp-1.0.3-150200.3.5.1.src.rpm libwebp-devel-1.0.3-150200.3.5.1.x86_64.rpm libwebp7-1.0.3-150200.3.5.1.x86_64.rpm libwebpdecoder3-1.0.3-150200.3.5.1.x86_64.rpm libwebpdemux2-1.0.3-150200.3.5.1.x86_64.rpm libwebpmux3-1.0.3-150200.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2516 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). opensc-0.22.0-150400.3.3.1.src.rpm opensc-0.22.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2517 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). libpython3_6m1_0-3.6.15-150300.10.48.1.x86_64.rpm python3-3.6.15-150300.10.48.1.src.rpm python3-3.6.15-150300.10.48.1.x86_64.rpm python3-base-3.6.15-150300.10.48.1.x86_64.rpm python3-core-3.6.15-150300.10.48.1.src.rpm python3-curses-3.6.15-150300.10.48.1.x86_64.rpm python3-dbm-3.6.15-150300.10.48.1.x86_64.rpm python3-devel-3.6.15-150300.10.48.1.x86_64.rpm python3-idle-3.6.15-150300.10.48.1.x86_64.rpm python3-tk-3.6.15-150300.10.48.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2619 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617). python-sqlparse-0.4.2-150300.3.6.1.src.rpm python3-sqlparse-0.4.2-150300.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2519 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file supportutils-3.1.21-150300.7.35.18.1.noarch.rpm supportutils-3.1.21-150300.7.35.18.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2811 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open’s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ⇐ 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -"). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don’t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the "fido" and "otp" subcommands over NFC * New "ykman --diagnose" command to aid in troubleshooting. * New "ykman apdu" command for sending raw APDUs over the smart card interface. * New "yubikit" package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don’t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don’t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a "Use default" option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly libfido2-1-1.13.0-150400.5.3.1.x86_64.rpm libfido2-1.13.0-150400.5.3.1.src.rpm libfido2-devel-1.13.0-150400.5.3.1.x86_64.rpm libfido2-udev-1.13.0-150400.5.3.1.noarch.rpm python-fido2-0.9.3-150400.9.3.1.src.rpm python3-dataclasses-0.8-150400.3.2.1.noarch.rpm python3-dataclasses-0.8-150400.3.2.1.src.rpm python3-fido2-0.9.3-150400.9.3.1.noarch.rpm yubikey-manager-4.0.9-150400.9.3.1.noarch.rpm yubikey-manager-4.0.9-150400.9.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2742 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) libprotobuf-lite20-3.9.2-150200.4.21.1.x86_64.rpm True libprotobuf20-3.9.2-150200.4.21.1.x86_64.rpm True protobuf-3.9.2-150200.4.21.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2825 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Bring back our nss.fips.cfg file, as the variable expansion in the upstream file does not work (bsc#1211679) java-17-openjdk-17.0.7.0-150400.3.24.1.src.rpm java-17-openjdk-17.0.7.0-150400.3.24.1.x86_64.rpm java-17-openjdk-demo-17.0.7.0-150400.3.24.1.x86_64.rpm java-17-openjdk-devel-17.0.7.0-150400.3.24.1.x86_64.rpm java-17-openjdk-headless-17.0.7.0-150400.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2640 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). vim-9.0.1572-150000.5.46.1.src.rpm vim-9.0.1572-150000.5.46.1.x86_64.rpm vim-data-9.0.1572-150000.5.46.1.noarch.rpm vim-data-common-9.0.1572-150000.5.46.1.noarch.rpm vim-small-9.0.1572-150000.5.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2653 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert "KVM: set owner of cpu and vm file operations" (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). kernel-default-5.14.21-150400.24.66.1.nosrc.rpm True kernel-default-5.14.21-150400.24.66.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1.src.rpm True kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.66.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.66.1.noarch.rpm True kernel-macros-5.14.21-150400.24.66.1.noarch.rpm True kernel-source-5.14.21-150400.24.66.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2495 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp fixes the following issues: - Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] libzypp-17.31.13-150400.3.30.1.src.rpm True libzypp-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-devel-17.31.13-150400.3.30.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2547 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - vCPU stalls in Qemu with NFS storage (bsc#1211000) qemu-6.2.0-150400.37.17.1.src.rpm qemu-tools-6.2.0-150400.37.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2647 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): - CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). - CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). libjavascriptcoregtk-4_0-18-2.38.6-150400.4.42.4.x86_64.rpm libwebkit2gtk-4_0-37-2.38.6-150400.4.42.4.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.42.4.x86_64.rpm typelib-1_0-WebKit2-4_0-2.38.6-150400.4.42.4.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.42.4.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.42.4.x86_64.rpm webkit2gtk3-soup2-2.38.6-150400.4.42.4.src.rpm webkit2gtk3-soup2-devel-2.38.6-150400.4.42.4.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2858 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for fonts-config fixes the following issues: - Get the homedir from getpwuid when no $ENV{"HOME"} set (bsc#1210700) fonts-config-20200609+git0.42e2b1b-150000.4.10.1.noarch.rpm fonts-config-20200609+git0.42e2b1b-150000.4.10.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2942 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gtk3 fixes the following issues: - Fix nautilus crash after entering wrong SMB password (bsc#1211952) gtk3-3.24.34-150400.3.6.1.src.rpm gtk3-data-3.24.34-150400.3.6.1.noarch.rpm gtk3-devel-3.24.34-150400.3.6.1.x86_64.rpm gtk3-lang-3.24.34-150400.3.6.1.noarch.rpm gtk3-schema-3.24.34-150400.3.6.1.noarch.rpm gtk3-tools-3.24.34-150400.3.6.1.x86_64.rpm libgtk-3-0-3.24.34-150400.3.6.1.x86_64.rpm typelib-1_0-Gtk-3_0-3.24.34-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2632 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) libsuseconnect-1.1.0~git2.f42b4b2a060e-150400.3.13.1.x86_64.rpm suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.src.rpm suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.x86_64.rpm suseconnect-ruby-bindings-1.1.0~git2.f42b4b2a060e-150400.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2604 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). libvmtools-devel-12.2.0-150300.29.1.x86_64.rpm libvmtools0-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-12.2.0-150300.29.1.src.rpm open-vm-tools-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-salt-minion-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-sdmp-12.2.0-150300.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2614 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). libX11-1.6.5-150000.3.30.1.src.rpm libX11-6-1.6.5-150000.3.30.1.x86_64.rpm libX11-data-1.6.5-150000.3.30.1.noarch.rpm libX11-devel-1.6.5-150000.3.30.1.x86_64.rpm libX11-xcb1-1.6.5-150000.3.30.1.x86_64.rpm libX11-xcb1-32bit-1.6.5-150000.3.30.1.x86_64.rpm libX11-6-32bit-1.6.5-150000.3.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2616 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). cups-2.2.7-150000.3.46.1.src.rpm cups-2.2.7-150000.3.46.1.x86_64.rpm cups-client-2.2.7-150000.3.46.1.x86_64.rpm cups-config-2.2.7-150000.3.46.1.x86_64.rpm cups-devel-2.2.7-150000.3.46.1.x86_64.rpm libcups2-2.2.7-150000.3.46.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.46.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.46.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.46.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3190 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xtrans fixes the following issues: - CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side (bsc#1178613). xtrans-1.3.5-150000.3.3.1.noarch.rpm xtrans-1.3.5-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2994 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE nfs-client-2.1.1-150100.10.37.1.x86_64.rpm nfs-doc-2.1.1-150100.10.37.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.37.1.x86_64.rpm nfs-utils-2.1.1-150100.10.37.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2856 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for publicsuffix fixes the following issues: - Update to version 20230607 publicsuffix-20230607-150000.3.15.1.noarch.rpm publicsuffix-20230607-150000.3.15.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2671 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwloc fixes the following issues: - Remove header files for feature we don't ship (jsc#PED-4156) - Remove libXNVCtrl (bsc#1207545) - Update to version 2.9.0 hwloc-2.9.0-150400.3.6.1.src.rpm hwloc-data-2.9.0-150400.3.6.1.noarch.rpm libhwloc15-2.9.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2605 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). bluez-5.62-150400.4.13.1.src.rpm bluez-5.62-150400.4.13.1.x86_64.rpm bluez-deprecated-5.62-150400.4.13.1.x86_64.rpm libbluetooth3-5.62-150400.4.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2938 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-apparmor fixes the following issues: - Added missing textdomain (bsc#1211980) - Update to version 4.4.2 yast2-apparmor-4.4.2-150400.3.3.1.noarch.rpm yast2-apparmor-4.4.2-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2873 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-users fixes the following issues: - Write the users when using AutoYaST on an installed system (bsc#1211753) - Update to version 4.4.14 yast2-users-4.4.14-150400.3.12.1.src.rpm yast2-users-4.4.14-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2851 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rdma-core fixes the following issues: - Update to rdma-core v38.3 (bsc#1204271, bsc#1212069) infiniband-diags-38.3-150400.6.3.1.x86_64.rpm libefa1-38.3-150400.6.3.1.x86_64.rpm libibmad5-38.3-150400.6.3.1.x86_64.rpm libibnetdisc5-38.3-150400.6.3.1.x86_64.rpm libibumad3-38.3-150400.6.3.1.x86_64.rpm libibverbs-38.3-150400.6.3.1.x86_64.rpm libibverbs1-38.3-150400.6.3.1.x86_64.rpm libmlx4-1-38.3-150400.6.3.1.x86_64.rpm libmlx5-1-38.3-150400.6.3.1.x86_64.rpm librdmacm1-38.3-150400.6.3.1.x86_64.rpm rdma-core-38.3-150400.6.3.1.src.rpm rdma-core-38.3-150400.6.3.1.x86_64.rpm rdma-core-devel-38.3-150400.6.3.1.x86_64.rpm rsocket-38.3-150400.6.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2550 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) autoyast2-4.4.45-150400.3.19.1.noarch.rpm True autoyast2-4.4.45-150400.3.19.1.src.rpm True autoyast2-installation-4.4.45-150400.3.19.1.noarch.rpm True libsolv-0.7.24-150400.3.8.1.src.rpm True libsolv-devel-0.7.24-150400.3.8.1.x86_64.rpm True libsolv-tools-0.7.24-150400.3.8.1.x86_64.rpm True libyui-4.3.7-150400.3.3.1.src.rpm True libyui-devel-4.3.7-150400.3.3.1.x86_64.rpm True libyui-ncurses-4.3.7-150400.3.3.1.src.rpm True libyui-ncurses-devel-4.3.7-150400.3.3.1.x86_64.rpm True libyui-ncurses-pkg-4.3.7-150400.3.3.1.src.rpm True libyui-ncurses-pkg-devel-4.3.7-150400.3.3.1.x86_64.rpm True libyui-ncurses-pkg16-4.3.7-150400.3.3.1.x86_64.rpm True libyui-ncurses-tools-4.3.7-150400.3.3.1.x86_64.rpm True libyui-ncurses16-4.3.7-150400.3.3.1.x86_64.rpm True libyui-qt-4.3.7-150400.3.3.1.src.rpm True libyui-qt-devel-4.3.7-150400.3.3.1.x86_64.rpm True libyui-qt-graph-4.3.7-150400.3.3.1.src.rpm True libyui-qt-graph-devel-4.3.7-150400.3.3.1.x86_64.rpm True libyui-qt-graph16-4.3.7-150400.3.3.1.x86_64.rpm True libyui-qt16-4.3.7-150400.3.3.1.x86_64.rpm True libyui16-4.3.7-150400.3.3.1.x86_64.rpm True libzck-devel-1.1.16-150400.3.4.1.x86_64.rpm True libzck1-1.1.16-150400.3.4.1.x86_64.rpm True libzypp-17.31.13-150400.3.32.1.src.rpm True libzypp-17.31.13-150400.3.32.1.x86_64.rpm True libzypp-devel-17.31.13-150400.3.32.1.x86_64.rpm True python3-solv-0.7.24-150400.3.8.1.x86_64.rpm True ruby-solv-0.7.24-150400.3.8.1.x86_64.rpm True yast2-pkg-bindings-4.4.6-150400.3.6.1.src.rpm True yast2-pkg-bindings-4.4.6-150400.3.6.1.x86_64.rpm True zchunk-1.1.16-150400.3.4.1.src.rpm True zchunk-1.1.16-150400.3.4.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2847 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 audit-3.0.6-150400.4.10.1.src.rpm audit-3.0.6-150400.4.10.1.x86_64.rpm audit-audispd-plugins-3.0.6-150400.4.10.1.x86_64.rpm audit-devel-3.0.6-150400.4.10.1.x86_64.rpm audit-secondary-3.0.6-150400.4.10.1.src.rpm libaudit1-3.0.6-150400.4.10.1.x86_64.rpm libauparse0-3.0.6-150400.4.10.1.x86_64.rpm python3-audit-3.0.6-150400.4.10.1.x86_64.rpm system-group-audit-3.0.6-150400.4.10.1.x86_64.rpm libaudit1-32bit-3.0.6-150400.4.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3252 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Update to Wireshark 3.6.15: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html Security fixes: - CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084). - CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710). - CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703). - CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707). - CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705). - CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706). - CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793). - CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844). - CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319). libwireshark15-3.6.15-150000.3.97.1.x86_64.rpm libwiretap12-3.6.15-150000.3.97.1.x86_64.rpm libwsutil13-3.6.15-150000.3.97.1.x86_64.rpm wireshark-3.6.15-150000.3.97.1.src.rpm wireshark-3.6.15-150000.3.97.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2855 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) libldap-2_4-2-2.4.46-150200.14.17.1.x86_64.rpm libldap-data-2.4.46-150200.14.17.1.noarch.rpm openldap2-2.4.46-150200.14.17.1.src.rpm openldap2-client-2.4.46-150200.14.17.1.x86_64.rpm openldap2-devel-2.4.46-150200.14.17.1.x86_64.rpm openldap2-devel-static-2.4.46-150200.14.17.1.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150200.14.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3146 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This optional update provides the following feature: - Add additional binaries to PackageHub: mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe. libopenjp2-7-2.3.0-150000.3.10.1.x86_64.rpm libwebp-1.0.3-150200.3.7.3.src.rpm libwebp-devel-1.0.3-150200.3.7.3.x86_64.rpm libwebp7-1.0.3-150200.3.7.3.x86_64.rpm libwebpdecoder3-1.0.3-150200.3.7.3.x86_64.rpm libwebpdemux2-1.0.3-150200.3.7.3.x86_64.rpm libwebpmux3-1.0.3-150200.3.7.3.x86_64.rpm openjpeg2-2.3.0-150000.3.10.1.src.rpm openjpeg2-2.3.0-150000.3.10.1.x86_64.rpm openjpeg2-devel-2.3.0-150000.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2866 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). python-requests-2.24.0-150300.3.3.1.src.rpm python3-requests-2.24.0-150300.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2893 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) wicked-0.6.73-150400.3.8.1.src.rpm wicked-0.6.73-150400.3.8.1.x86_64.rpm wicked-service-0.6.73-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2645 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for snapper fixes the following issues: - improved responsiveness of snapperd when a btrfs quota rescan is running (see bsc#1211459) libsnapper-devel-0.8.16-150300.3.6.1.x86_64.rpm libsnapper5-0.8.16-150300.3.6.1.x86_64.rpm pam_snapper-0.8.16-150300.3.6.1.x86_64.rpm snapper-0.8.16-150300.3.6.1.src.rpm snapper-0.8.16-150300.3.6.1.x86_64.rpm snapper-zypp-plugin-0.8.16-150300.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2665 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of cosign fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). cosign-2.0.1-150400.3.11.1.src.rpm cosign-2.0.1-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2744 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of rekor fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). rekor-1.2.1-150400.4.14.1.src.rpm rekor-1.2.1-150400.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2812 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). geoipupdate-4.2.2-150000.1.12.1.src.rpm geoipupdate-4.2.2-150000.1.12.1.x86_64.rpm geoipupdate-legacy-4.2.2-150000.1.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2813 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of skopeo fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). skopeo-0.1.41-150000.4.18.1.src.rpm skopeo-0.1.41-150000.4.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2877 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). dbus-1-1.12.2-150400.18.8.1.src.rpm dbus-1-1.12.2-150400.18.8.1.x86_64.rpm dbus-1-devel-1.12.2-150400.18.8.1.x86_64.rpm dbus-1-x11-1.12.2-150400.18.8.1.src.rpm dbus-1-x11-1.12.2-150400.18.8.1.x86_64.rpm libdbus-1-3-1.12.2-150400.18.8.1.x86_64.rpm libdbus-1-3-32bit-1.12.2-150400.18.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2772 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) libzypp-17.31.14-150400.3.35.1.src.rpm True libzypp-17.31.14-150400.3.35.1.x86_64.rpm True libzypp-devel-17.31.14-150400.3.35.1.x86_64.rpm True zypper-1.14.61-150400.3.24.1.src.rpm True zypper-1.14.61-150400.3.24.1.x86_64.rpm True zypper-log-1.14.61-150400.3.24.1.noarch.rpm True zypper-needs-restarting-1.14.61-150400.3.24.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2827 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) libxml2-2-2.9.14-150400.5.19.1.x86_64.rpm libxml2-2.9.14-150400.5.19.1.src.rpm libxml2-devel-2.9.14-150400.5.19.1.x86_64.rpm libxml2-python-2.9.14-150400.5.19.1.src.rpm libxml2-tools-2.9.14-150400.5.19.1.x86_64.rpm python-rpm-generators-20230403.29b58f8-150400.3.9.1.noarch.rpm python-rpm-macros-20230403.29b58f8-150400.3.9.1.noarch.rpm python-rpm-macros-20230403.29b58f8-150400.3.9.1.src.rpm python3-libxml2-2.9.14-150400.5.19.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3205 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-installation fixes the following issues: - Don't always enable sshd and open the ssh port (bsc#1211764) - Update to version 4.4.59 yast2-installation-4.4.59-150400.3.18.1.noarch.rpm yast2-installation-4.4.59-150400.3.18.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2984 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - scap-security-guide was updated to 0.1.68 (jsc#ECO-3319) - Bump OL8 STIG version to V1R6 - Introduce a Product class, make the project work with it - Introduce Fedora and Firefox CaC profiles for common workstation users - OL7 DISA STIG v2r11 update - Publish rendered policy artifacts - Update ANSSI BP-028 to version 2.0 - scap-security-guide was updated to 0.1.67 (jsc#ECO-3319) - Add utils/controlrefcheck.py - RHEL 9 STIG Update Q1 2023 - Include warning for NetworkManager keyfiles in RHEL9 - OL7 stig v2r10 update - Bump version of OL8 STIG to V1R5 - various enhancements to SLE profiles scap-security-guide-0.1.68-150000.1.59.1.noarch.rpm scap-security-guide-0.1.68-150000.1.59.1.src.rpm scap-security-guide-debian-0.1.68-150000.1.59.1.noarch.rpm scap-security-guide-redhat-0.1.68-150000.1.59.1.noarch.rpm scap-security-guide-ubuntu-0.1.68-150000.1.59.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2954 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). bind-9.16.6-150300.22.30.1.src.rpm libbind9-1600-9.16.6-150300.22.30.1.x86_64.rpm libdns1605-9.16.6-150300.22.30.1.x86_64.rpm libirs1601-9.16.6-150300.22.30.1.x86_64.rpm libisc1606-9.16.6-150300.22.30.1.x86_64.rpm libisccc1600-9.16.6-150300.22.30.1.x86_64.rpm libisccfg1600-9.16.6-150300.22.30.1.x86_64.rpm libns1604-9.16.6-150300.22.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2998 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libdb-4_8 fixes the following issues: - Fix incomplete license tag (bsc#1099695) db48-utils-4.8.30-150000.7.9.1.x86_64.rpm libdb-4_8-4.8.30-150000.7.9.1.src.rpm libdb-4_8-4.8.30-150000.7.9.1.x86_64.rpm libdb-4_8-devel-4.8.30-150000.7.9.1.x86_64.rpm libdb-4_8-32bit-4.8.30-150000.7.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2715 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-network fixes the following issues: - bsc#1211431 - Do not crash installation when storing vlan configuration into NetworkManager - 4.4.58 yast2-network-4.4.58-150400.3.24.1.noarch.rpm yast2-network-4.4.58-150400.3.24.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3314 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for skopeo fixes the following issues: skopeo was updated to version 1.12.0. skopeo-1.12.0-150300.11.3.3.src.rpm skopeo-1.12.0-150300.11.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2767 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints "cannot execute binary file" (bsc#1212662) dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.src.rpm dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-ima-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3468 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) python3-Flask-1.0.4-150400.7.64.noarch.rpm python3-Flask-1.0.4-150400.7.64.src.rpm python3-Flask-Migrate-2.4.0-150400.14.69.noarch.rpm python3-Flask-Migrate-2.4.0-150400.14.69.src.rpm python3-M2Crypto-0.38.0-150400.7.64.src.rpm python3-M2Crypto-0.38.0-150400.7.64.x86_64.rpm python3-Sphinx_4_2_0-4.2.0-150400.21.26.noarch.rpm python3-Sphinx_4_2_0-4.2.0-150400.21.26.src.rpm python3-atspi-2.38.2-150400.5.68.noarch.rpm python3-atspi-2.38.2-150400.5.68.src.rpm python3-dasbus-1.6-150400.5.69.noarch.rpm python3-dasbus-1.6-150400.5.69.src.rpm python3-dmidecode-3.12.2-150400.18.64.src.rpm python3-dmidecode-3.12.2-150400.18.64.x86_64.rpm python3-dulwich-0.20.24-150400.5.67.src.rpm python3-dulwich-0.20.24-150400.5.67.x86_64.rpm python3-fastimport-0.9.8-150400.5.69.noarch.rpm python3-fastimport-0.9.8-150400.5.69.src.rpm python3-gobject-3.42.2-150400.10.23.src.rpm python3-gobject-3.42.2-150400.10.23.x86_64.rpm python3-gobject-Gdk-3.42.2-150400.10.23.x86_64.rpm python3-gobject-cairo-3.42.2-150400.10.23.x86_64.rpm python3-gobject2-2.28.7-150400.14.6.46.src.rpm python3-gobject2-2.28.7-150400.14.6.46.x86_64.rpm python3-ldap-3.4.0-150400.5.69.src.rpm python3-ldap-3.4.0-150400.5.69.x86_64.rpm python3-libvirt-python-8.0.0-150400.5.69.src.rpm python3-libvirt-python-8.0.0-150400.5.69.x86_64.rpm python3-more-itertools-8.10.0-150400.5.69.noarch.rpm python3-more-itertools-8.10.0-150400.5.69.src.rpm python3-notify2-0.3.1-150400.5.68.noarch.rpm python3-notify2-0.3.1-150400.5.68.src.rpm python3-numpy-1.17.3-150400.28.37.src.rpm python3-numpy-1.17.3-150400.28.37.x86_64.rpm python3-numpy-devel-1.17.3-150400.28.37.x86_64.rpm python3-ordered-set-4.0.2-150400.8.34.noarch.rpm python3-ordered-set-4.0.2-150400.8.34.src.rpm python3-patiencediff-0.2.0-150400.5.69.src.rpm python3-patiencediff-0.2.0-150400.5.69.x86_64.rpm python3-pexpect-4.8.0-150400.17.64.noarch.rpm python3-pexpect-4.8.0-150400.17.64.src.rpm python3-pyOpenSSL-21.0.0-150400.7.62.noarch.rpm python3-pyOpenSSL-21.0.0-150400.7.62.src.rpm python3-pycairo-1.20.1-150400.5.69.src.rpm python3-pycairo-1.20.1-150400.5.69.x86_64.rpm python3-python-gnupg-0.4.7-150400.5.69.noarch.rpm python3-python-gnupg-0.4.7-150400.5.69.src.rpm python3-python3-saml-1.7.0-150400.12.69.noarch.rpm python3-python3-saml-1.7.0-150400.12.69.src.rpm python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50.noarch.rpm python3-pyudev-0.22.0+git.1642212208.d5630bf-150400.5.50.src.rpm python3-semanage-3.1-150400.5.69.src.rpm python3-semanage-3.1-150400.5.69.x86_64.rpm python3-sip-6.5.0-150400.5.69.src.rpm python3-sip-devel-6.5.0-150400.5.69.noarch.rpm python3-sip6-6.5.0-150400.9.3.92.src.rpm python3-sip6-devel-6.5.0-150400.9.3.92.x86_64.rpm python3-sphinxcontrib-applehelp-1.0.2-150400.5.69.noarch.rpm python3-sphinxcontrib-applehelp-1.0.2-150400.5.69.src.rpm python3-sphinxcontrib-devhelp-1.0.2-150400.5.69.noarch.rpm python3-sphinxcontrib-devhelp-1.0.2-150400.5.69.src.rpm python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69.noarch.rpm python3-sphinxcontrib-htmlhelp-2.0.0-150400.5.69.src.rpm python3-sphinxcontrib-jsmath-1.0.1-150400.5.69.noarch.rpm python3-sphinxcontrib-jsmath-1.0.1-150400.5.69.src.rpm python3-sphinxcontrib-qthelp-1.0.3-150400.5.69.noarch.rpm python3-sphinxcontrib-qthelp-1.0.3-150400.5.69.src.rpm python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69.noarch.rpm python3-sphinxcontrib-serializinghtml-1.1.5-150400.5.69.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2765 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). libcap-2.63-150400.3.3.1.src.rpm libcap-devel-2.63-150400.3.3.1.x86_64.rpm libcap-progs-2.63-150400.3.3.1.x86_64.rpm libcap2-2.63-150400.3.3.1.x86_64.rpm libpsx2-2.63-150400.3.3.1.x86_64.rpm libcap2-32bit-2.63-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2977 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wayland fixes the following issues: - Update to version 1.21 (PED-2423) - New wl_pointer high-resolution scroll event, new convenience functions, collection of bug fixes libwayland-client0-1.21.0-150400.3.6.1.x86_64.rpm libwayland-cursor0-1.21.0-150400.3.6.1.x86_64.rpm libwayland-egl1-99~1.21.0-150400.3.6.1.x86_64.rpm libwayland-server0-1.21.0-150400.3.6.1.x86_64.rpm wayland-1.21.0-150400.3.6.1.src.rpm wayland-devel-1.21.0-150400.3.6.1.x86_64.rpm libwayland-client0-32bit-1.21.0-150400.3.6.1.x86_64.rpm libwayland-server0-32bit-1.21.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3145 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741) Bug fixes: - Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994) - Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591) python3-salt-3006.0-150400.8.37.2.x86_64.rpm True salt-3006.0-150400.8.37.2.src.rpm True salt-3006.0-150400.8.37.2.x86_64.rpm True salt-bash-completion-3006.0-150400.8.37.2.noarch.rpm True salt-doc-3006.0-150400.8.37.2.x86_64.rpm True salt-minion-3006.0-150400.8.37.2.x86_64.rpm True salt-zsh-completion-3006.0-150400.8.37.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3144 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update fixes the following issues: python-tornado: - Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741) prometheus-blackbox_exporter: - Use obscpio for go modules service - Set version number - Set build date from SOURCE_DATE_EPOCH - Update to 0.24.0 (bsc#1212279, jsc#PED-4556) * Requires go1.19 - Avoid empty validation script - Add rc symlink for backwards compatibility spacecmd: - Version 4.3.22-1 * Bypass traditional systems check on older SUMA instances (bsc#1208612) python-tornado-4.5.3-150000.3.6.1.src.rpm python3-tornado-4.5.3-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2779 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for system-role-common-criteria, yast2-storage-ng fixes the following issues: system-role-common-criteria was updated to 15.4.2: - Set the encryption password directly from the role dialog (jsc#PED-4166, jsc#PED-4474) yast2-storage-ng was updated to 4.4.44: - Honor encryption settings if they are set into ProductFeatures by the Common Critera role (jsc#PED-4166, jsc#PED-4474). - Prevent setting the volume label for a mounted btrfs or swap (bsc#1211337) yast2-storage-ng-4.4.44-150400.3.13.1.src.rpm yast2-storage-ng-4.4.44-150400.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3027 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libteam fixes the following issues: - Add option to change evaluation logic of multiple link-watchers (jsc#PED-2209) libteam-1.27-150000.4.9.1.src.rpm libteam-devel-1.27-150000.4.9.1.x86_64.rpm libteam5-1.27-150000.4.9.1.x86_64.rpm libteamdctl0-1.27-150000.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3330 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) python-pyasn1-0.4.2-150000.3.5.1.src.rpm python3-pyasn1-0.4.2-150000.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2829 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711). ghostscript-9.52-150000.167.1.src.rpm ghostscript-9.52-150000.167.1.x86_64.rpm ghostscript-devel-9.52-150000.167.1.x86_64.rpm ghostscript-x11-9.52-150000.167.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2800 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] libopenssl-1_1-devel-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.45.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.45.1.src.rpm openssl-1_1-1.1.1l-150400.7.45.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2788 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. mozilla-nspr-4.35-150000.3.29.1.src.rpm mozilla-nspr-4.35-150000.3.29.1.x86_64.rpm mozilla-nspr-devel-4.35-150000.3.29.1.x86_64.rpm mozilla-nspr-32bit-4.35-150000.3.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2900 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnss_nis fixes the following issues: - Update to version 3.2 - Do not call malloc_usable_size [bsc#1207551] - Drop an upstreamed patch libnss_nis-3.2-150000.3.6.1.src.rpm libnss_nis2-3.2-150000.3.6.1.x86_64.rpm libnss_nis2-32bit-3.2-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2820 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). The following non-security bugs were fixed: - Drop dvb-core fix patch due to a bug (bsc#1205758). - Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931). - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796). - Generalize kernel-doc build requirements. - Get module prefix from kmod (bsc#1212835). - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes). - Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253). - acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - alsa: oss: avoid missing-prototype warnings (git-fixes). - alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - arm: dts: vexpress: add missing cache properties (git-fixes). - asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - asoc: dwc: limit the number of overrun messages (git-fixes). - asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - asoc: soc-pcm: test if a BE can be prepared (git-fixes). - asoc: ssm2602: Add workaround for playback distortions (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - bluetooth: hci_qca: fix debugfs registration (git-fixes). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - elf: correct note name comment (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read() - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357). - hid: google: add jewel USB id (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Fix possible system crash when loading module (git-fixes). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: fix open count when closing inhibited device (git-fixes). - input: psmouse - fix OOB access in Elantech protocol (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - jfs: Fix fortify moan in symlink (git-fixes). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: arm64: Do not hypercall before EL2 init (git-fixes) - kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - kvm: arm64: Save PSTATE early on exit (git-fixes) - kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: Move mm_cachep initialization to mm_init() (bsc#1212448). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore/ram: Add check for kstrdup (git-fixes). - qed/qede: Fix scheduling while atomic (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regmap: Account for register length when chunking (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077) - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: octeon: delete my name from TODO contact (git-fixes). - sunrpc: Clean up svc_deferred_class trace events (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: fix use-after-free on core driver unbind (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: serial: option: add Quectel EM061KGL series (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes). - x86/microcode: Print previous version of microcode after reload (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/mm: Initialize text poking earlier (bsc#1212448). - x86/mm: Use mm_alloc() in poking_init() (bsc#1212448). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). kernel-default-5.14.21-150400.24.69.1.nosrc.rpm True kernel-default-5.14.21-150400.24.69.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1.src.rpm True kernel-default-base-5.14.21-150400.24.69.1.150400.24.31.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.69.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.69.1.noarch.rpm True kernel-macros-5.14.21-150400.24.69.1.noarch.rpm True kernel-source-5.14.21-150400.24.69.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-2882 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). perl-5.26.1-150300.17.14.1.src.rpm perl-5.26.1-150300.17.14.1.x86_64.rpm perl-base-5.26.1-150300.17.14.1.x86_64.rpm perl-core-DB_File-5.26.1-150300.17.14.1.x86_64.rpm perl-base-32bit-5.26.1-150300.17.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3169 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for multipath-tools fixes the following issues: - libmultipath: Fix `dev_loss_tmo` even if not set in configuration (bsc#1212440) kpartx-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm libdmmp-devel-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm libdmmp0_2_0-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm libmpath0-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1.src.rpm multipath-tools-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm multipath-tools-devel-0.9.0+119+suse.308c007-150400.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3170 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot perl-Bootloader-0.944-150400.3.6.1.src.rpm perl-Bootloader-0.944-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2814 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. libfreebl3-3.90-150400.3.32.1.x86_64.rpm libfreebl3-32bit-3.90-150400.3.32.1.x86_64.rpm libsoftokn3-3.90-150400.3.32.1.x86_64.rpm libsoftokn3-32bit-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-3.90-150400.3.32.1.src.rpm mozilla-nss-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-32bit-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-certs-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-devel-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-sysinit-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-tools-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-certs-32bit-3.90-150400.3.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3168 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). libpoppler-cpp0-22.01.0-150400.3.6.1.x86_64.rpm libpoppler-devel-22.01.0-150400.3.6.1.x86_64.rpm libpoppler-glib-devel-22.01.0-150400.3.6.1.x86_64.rpm libpoppler-glib8-22.01.0-150400.3.6.1.x86_64.rpm libpoppler117-22.01.0-150400.3.6.1.x86_64.rpm poppler-22.01.0-150400.3.6.1.src.rpm poppler-tools-22.01.0-150400.3.6.1.x86_64.rpm typelib-1_0-Poppler-0_18-22.01.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2941 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272). libpoppler89-0.79.0-150200.3.11.1.x86_64.rpm poppler-0.79.0-150200.3.11.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3118 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 hwinfo-21.85-150400.3.12.1.src.rpm hwinfo-21.85-150400.3.12.1.x86_64.rpm hwinfo-devel-21.85-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3301 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). libyajl-2.1.0-150000.4.6.1.src.rpm libyajl-devel-2.1.0-150000.4.6.1.x86_64.rpm libyajl2-2.1.0-150000.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3369 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). python-configobj-5.0.6-150000.3.3.1.src.rpm python3-configobj-5.0.6-150000.3.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-81 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ceph fixes the following issues: - Fix FTBFS on gcc 13 (bsc#1201088) - Fix FTBFS on s390x (bsc#1211090) - ceph-volume: Fix regression in activate (bsc#1210243, bsc#1210314) - cephadm: Fix NFS haproxy failover if active node disappears (bsc#1209621) - cephadm: Mount host /etc/hosts for daemon containers in podman deployments (bsc#1210719) - cmake: Patch boost source to support python 3.11 (bsc#1210944) - mgr: Don't dump global config holding gil (bsc#1199880) - mgr/cephadm: Fix handling of mgr upgrades with 3 or more mgrs (bsc#1210153) - mgr/dashboard: allow to pass controls on iscsi disk create (bsc#1208820) - mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' (bsc#1210784) ceph-16.2.13.66+g54799ee0666-150400.3.9.2.src.rpm ceph-common-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm libcephfs-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm libcephfs2-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librados-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librados2-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm libradospp-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librbd-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librbd1-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librgw-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librgw2-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-ceph-argparse-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-ceph-common-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-cephfs-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-rados-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-rbd-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm python3-rgw-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm rados-objclass-devel-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm rbd-nbd-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2951 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-network fixes the following issues: - Fix typo when writing the wireless channel (bsc#1212976) yast2-network-4.4.59-150400.3.27.1.noarch.rpm yast2-network-4.4.59-150400.3.27.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2891 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). curl-8.0.1-150400.5.26.1.src.rpm curl-8.0.1-150400.5.26.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.26.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.26.1.x86_64.rpm libcurl4-8.0.1-150400.5.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3204 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tboot fixes the following issues: - Correctly move MBI from a lower address above tboot (bsc#1207833). This fixes a broken boot situation in some configurations stopping with log line "TBOOT: loader context was moved from 0x<address> to 0x<address>". - Bump date in version string to fix the upgrade path from SLE-12-SP5 and SLE-15-SP2 (currently at 2019070 and 20200501 respectively). tboot-20200901_1.10.2-150400.3.4.1.src.rpm tboot-20200901_1.10.2-150400.3.4.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3484 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: - Add dnstap support (jsc#PED-4852, jsc#PED-4853) - Log named-checkconf output (bsc#1213049) - Update to release 9.16.43 bind-9.16.43-150400.5.34.1.src.rpm bind-utils-9.16.43-150400.5.34.1.x86_64.rpm python3-bind-9.16.43-150400.5.34.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2905 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software@farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add "-c" / "--connections" option to limit the number of concurrent connections it will accept. - fstrm_capture: add "-b / --buffer-size" option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. fstrm-0.6.1-150300.9.3.1.src.rpm fstrm-0.6.1-150300.9.3.1.x86_64.rpm fstrm-devel-0.6.1-150300.9.3.1.x86_64.rpm libfstrm0-0.6.1-150300.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3148 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for firewalld fixes the following issues: - Firewalld does not accept IPv4 network mask in full form (bsc#1212974) firewalld-0.9.3-150400.8.12.1.noarch.rpm firewalld-0.9.3-150400.8.12.1.src.rpm firewalld-lang-0.9.3-150400.8.12.1.noarch.rpm python3-firewall-0.9.3-150400.8.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3227 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-storage-ng fixes the following issues: - Ensure adding storage support software packages for SUSE Linux Enterprise Micro (bsc#1212452) yast2-storage-ng-4.4.45-150400.3.16.1.src.rpm yast2-storage-ng-4.4.45-150400.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3025 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - Convert username exported to env variables to canonical form to prevent issues with different username and domain formats (bsc#1211740) libpainter0-0.9.13.1-150200.4.21.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.21.1.x86_64.rpm xrdp-0.9.13.1-150200.4.21.1.src.rpm xrdp-0.9.13.1-150200.4.21.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3087 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for unixODBC fixes the following issues: - Add missing dependency requirement for glibc-locale-base (bsc#1213242) libodbc2-2.3.9-150400.16.3.3.x86_64.rpm unixODBC-2.3.9-150400.16.3.3.src.rpm unixODBC-2.3.9-150400.16.3.3.x86_64.rpm unixODBC-devel-2.3.9-150400.16.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3286 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038) libblkid-devel-2.37.2-150400.8.20.1.x86_64.rpm libblkid-devel-static-2.37.2-150400.8.20.1.x86_64.rpm libblkid1-2.37.2-150400.8.20.1.x86_64.rpm libfdisk-devel-2.37.2-150400.8.20.1.x86_64.rpm libfdisk1-2.37.2-150400.8.20.1.x86_64.rpm libmount-devel-2.37.2-150400.8.20.1.x86_64.rpm libmount1-2.37.2-150400.8.20.1.x86_64.rpm libsmartcols-devel-2.37.2-150400.8.20.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.20.1.x86_64.rpm libuuid-devel-2.37.2-150400.8.20.1.x86_64.rpm libuuid-devel-static-2.37.2-150400.8.20.1.x86_64.rpm libuuid1-2.37.2-150400.8.20.1.x86_64.rpm util-linux-2.37.2-150400.8.20.1.src.rpm util-linux-2.37.2-150400.8.20.1.x86_64.rpm util-linux-lang-2.37.2-150400.8.20.1.noarch.rpm util-linux-systemd-2.37.2-150400.8.20.1.src.rpm util-linux-systemd-2.37.2-150400.8.20.1.x86_64.rpm libblkid1-32bit-2.37.2-150400.8.20.1.x86_64.rpm libmount1-32bit-2.37.2-150400.8.20.1.x86_64.rpm libuuid1-32bit-2.37.2-150400.8.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3285 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) login_defs-4.8.1-150400.10.9.1.noarch.rpm shadow-4.8.1-150400.10.9.1.src.rpm shadow-4.8.1-150400.10.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3372 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) rsyslog-8.2306.0-150400.5.18.1.src.rpm rsyslog-8.2306.0-150400.5.18.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2930 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). libsamba-policy-devel-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm libsamba-policy-python3-devel-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm libsamba-policy0-python3-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-4.15.13+git.663.9c654e06cdb-150400.3.28.1.src.rpm samba-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-ad-dc-libs-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-ad-dc-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-ceph-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-client-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-client-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-client-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-devel-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-devel-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-dsdb-modules-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-gpupdate-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-ldb-ldap-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-libs-python3-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-python3-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-tool-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-winbind-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-winbind-libs-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-winbind-libs-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-client-libs-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm samba-libs-32bit-4.15.13+git.663.9c654e06cdb-150400.3.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3217 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) cryptsetup-2.4.3-150400.3.3.1.src.rpm cryptsetup-2.4.3-150400.3.3.1.x86_64.rpm cryptsetup-lang-2.4.3-150400.3.3.1.noarch.rpm cryptsetup-ssh-2.4.3-150400.3.3.1.x86_64.rpm libcryptsetup-devel-2.4.3-150400.3.3.1.x86_64.rpm libcryptsetup12-2.4.3-150400.3.3.1.x86_64.rpm libcryptsetup12-32bit-2.4.3-150400.3.3.1.x86_64.rpm libcryptsetup12-hmac-2.4.3-150400.3.3.1.x86_64.rpm libcryptsetup12-hmac-32bit-2.4.3-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2922 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libfido2 fixes the following issues: - Use openssl 1.1 still on SUSE Linux Enterprise 15 to avoid pulling unneeded openssl-3 dependency. (jsc#PED-4521) libfido2-1-1.13.0-150400.5.6.1.x86_64.rpm libfido2-1.13.0-150400.5.6.1.src.rpm libfido2-devel-1.13.0-150400.5.6.1.x86_64.rpm libfido2-udev-1.13.0-150400.5.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3013 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). libopenssl-3-devel-3.0.8-150400.4.31.2.x86_64.rpm libopenssl3-3.0.8-150400.4.31.2.x86_64.rpm openssl-3-3.0.8-150400.4.31.2.src.rpm openssl-3-3.0.8-150400.4.31.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3282 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases blog-2.26-150300.4.6.1.src.rpm blog-2.26-150300.4.6.1.x86_64.rpm blog-devel-2.26-150300.4.6.1.x86_64.rpm blog-plymouth-2.26-150300.4.6.1.x86_64.rpm libblogger2-2.26-150300.4.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3336 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for plymouth fixes the following issues: - Change bootup terminal to default to satisfy Nvidia proprietary driver (bsc#1208726) - Change configure options --with-shutdown-tty from 1 to 7 for shutdown message to be displayed (bsc#1141749) - Enable plymouth log by default to resolve random appear problems (bsc#1193736) libply-boot-client5-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm libply-splash-core5-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm libply5-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-0.9.5~git20210406.e554475-150400.3.12.1.src.rpm plymouth-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-devel-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-dracut-0.9.5~git20210406.e554475-150400.3.12.1.noarch.rpm plymouth-lang-0.9.5~git20210406.e554475-150400.3.12.1.noarch.rpm plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.12.1.x86_64.rpm plymouth-scripts-0.9.5~git20210406.e554475-150400.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2962 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). libopenssl-1_1-devel-1.1.1l-150400.7.48.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.48.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.48.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.48.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.48.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.48.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.48.1.src.rpm openssl-1_1-1.1.1l-150400.7.48.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3351 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for oddjob, oddjob-gpupdate fixes the following issues: This update provides the oddjob, oddjob-gpupdate packages. (jsc#SLE-18457) oddjob-0.34.5-150400.3.2.1.src.rpm oddjob-0.34.5-150400.3.2.1.x86_64.rpm oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1.src.rpm oddjob-gpupdate-0.2.0+git.5.ed70836-150400.9.3.1.x86_64.rpm oddjob-mkhomedir-0.34.5-150400.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3196 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) libprotobuf-c-devel-1.3.2-150200.3.6.1.x86_64.rpm libprotobuf-c1-1.3.2-150200.3.6.1.x86_64.rpm protobuf-c-1.3.2-150200.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2945 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] openssh-8.4p1-150300.3.22.1.src.rpm openssh-8.4p1-150300.3.22.1.x86_64.rpm openssh-clients-8.4p1-150300.3.22.1.x86_64.rpm openssh-common-8.4p1-150300.3.22.1.x86_64.rpm openssh-fips-8.4p1-150300.3.22.1.x86_64.rpm openssh-helpers-8.4p1-150300.3.22.1.x86_64.rpm openssh-server-8.4p1-150300.3.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2981 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial-of-service (bsc#1196654). - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298). libQt5Svg5-5.15.2+kde16-150400.3.3.1.x86_64.rpm libqt5-qtsvg-5.15.2+kde16-150400.3.3.1.src.rpm libqt5-qtsvg-devel-5.15.2+kde16-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-2982 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libqt5-qtbase fixes the following issues: - CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616). - CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797). - CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it (bsc#1211798). - CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642). - CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994). - CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326). libQt5Concurrent-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Concurrent5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Core-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Core5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5DBus-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5DBus5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Gui-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Gui5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Network-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Network5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5OpenGL-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5OpenGL5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5PrintSupport-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5PrintSupport5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Sql-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Sql5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Sql5-sqlite-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Test-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Test5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Widgets-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm libQt5Widgets5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Xml-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libQt5Xml5-5.15.2+kde294-150400.6.6.1.x86_64.rpm libqt5-qtbase-5.15.2+kde294-150400.6.6.1.src.rpm libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libqt5-qtbase-devel-5.15.2+kde294-150400.6.6.1.x86_64.rpm libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3327 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). libpcre2-16-0-10.39-150400.4.9.1.x86_64.rpm libpcre2-32-0-10.39-150400.4.9.1.x86_64.rpm libpcre2-8-0-10.39-150400.4.9.1.x86_64.rpm libpcre2-posix2-10.39-150400.4.9.1.x86_64.rpm pcre2-10.39-150400.4.9.1.src.rpm pcre2-devel-10.39-150400.4.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3021 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for librsvg fixes the following issues: librsvg was updated to version 2.52.10: - CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502). gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1.x86_64.rpm librsvg-2-2-2.52.10-150400.3.6.1.x86_64.rpm librsvg-2.52.10-150400.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3171 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). - CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). The following non-security bugs were fixed: - ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes). - ALSA: fireface: make read-only const array for model names static (git-fixes). - ALSA: hda/realtek - remove 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes). - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes). - ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes). - ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes). - ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes). - ALSA: hda/realtek: Whitespace fix (git-fixes). - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes). - ALSA: oxfw: make read-only const array models static (git-fixes). - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes). - ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes). - ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes). - ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes). - ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes). - ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes). - ASoC: tegra: Fix ADX byte map (git-fixes). - ASoC: tegra: Fix AMX byte map (git-fixes). - Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes). - Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes). - Documentation: bonding: fix the doc of peer_notif_delay (git-fixes). - Documentation: timers: hrtimers: Make hybrid union historical (git-fixes). - Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758) - Fix documentation of panic_on_warn (git-fixes). - IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes) - PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes). - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes). - RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes) - Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes) - Revert "drm/amd/display: edp do not add non-edid timings" (git-fixes). - USB: dwc2: Fix some error handling paths (git-fixes). - USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes). - USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes). - USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes). - USB: serial: option: add LARA-R6 01B PIDs (git-fixes). - Update config and supported.conf files due to renaming. - apparmor: fix missing error check for rhashtable_insert_fast (git-fixes). - arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes) - arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes) - arm64: vdso: Pass (void *) to virt_to_page() (git-fixes) - arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes) - can: bcm: Fix UAF in bcm_proc_show() (git-fixes). - cifs: add a warning when the in-flight count goes negative (bsc#1193629). - cifs: address unused variable warning (bsc#1193629). - cifs: do all necessary checks for credits within or before locking (bsc#1193629). - cifs: fix lease break oops in xfstest generic/098 (bsc#1193629). - cifs: fix max_credits implementation (bsc#1193629). - cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629). - cifs: fix session state check in smb2_find_smb_ses (bsc#1193629). - cifs: fix session state transition to avoid use-after-free issue (bsc#1193629). - cifs: fix sockaddr comparison in iface_cmp (bsc#1193629). - cifs: fix status checks in cifs_tree_connect (bsc#1193629). - cifs: log session id when a matching ses is not found (bsc#1193629). - cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629). - cifs: prevent use-after-free by freeing the cfile later (bsc#1193629). - cifs: print all credit counters in DebugData (bsc#1193629). - cifs: print client_guid in DebugData (bsc#1193629). - cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629). - cifs: print nosharesock value while dumping mount options (bsc#1193629). - clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes). - codel: fix kernel-doc notation warnings (git-fixes). - crypto: kpp - Add helper to set reqsize (git-fixes). - crypto: qat - Use helper to set reqsize (git-fixes). - devlink: fix kernel-doc notation warnings (git-fixes). - docs: networking: Update codeaurora references for rmnet (git-fixes). - drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes). - drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes). - drm/amdgpu: Validate VM ioctl flags (git-fixes). - drm/amdgpu: avoid restore process run into dead loop (git-fixes). - drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes). - drm/atomic: Allow vblank-enabled + self-refresh "disable" (git-fixes). - drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes). - drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes). - drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes). - drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes). - drm/client: Fix memory leak in drm_client_target_cloned (git-fixes). - drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes). - drm/i915: Fix one wrong caching mode enum usage (git-fixes). - drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes). - drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes). - drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes). - drm/ttm: Do not leak a resource on swapout move error (git-fixes). - dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in "compatible" conditional schema (git-fixes). - ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020). - ext4: add EA_INODE checking to ext4_iget() (bsc#1213106). - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088). - ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109). - ext4: add strict range checks while freeing blocks (bsc#1213089). - ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016). - ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018). - ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090). - ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103). - ext4: disallow ea_inodes with extended attributes (bsc#1213108). - ext4: fail ext4_iget if special inode unallocated (bsc#1213010). - ext4: fix WARNING in ext4_update_inline_data (bsc#1213012). - ext4: fix WARNING in mb_find_extent (bsc#1213099). - ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111). - ext4: fix data races when using cached status extents (bsc#1213102). - ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105). - ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015). - ext4: fix lockdep warning when enabling MMP (bsc#1213100). - ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096). - ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021). - ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098). - ext4: improve error handling from ext4_dirhash() (bsc#1213104). - ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017). - ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011). - ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019). - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087). - ext4: refuse to create ea block when umounted (bsc#1213093). - ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107). - ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110). - ext4: update s_journal_inum if it changes after journal replay (bsc#1213094). - ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092). - ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013). - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes). - fbdev: imxfb: warn about invalid left/right margin (git-fixes). - fuse: ioctl: translate ENOSYS in outarg (bsc#1213524). - fuse: revalidate: do not invalidate if interrupted (bsc#1213523). - hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861). - hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861). - hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861). - hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861). - hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861). - hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861). - hwmon: (adm1275) Allow setting sample averaging (git-fixes). - hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes). - i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes). - i2c: xiic: Do not try to handle more interrupt events after error (git-fixes). - inotify: Avoid reporting event with invalid wd (bsc#1213025). - jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095). - jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014). - kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243). - kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers - kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes). - leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes). - media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes). - media: cec: i2c: ch7322: also select REGMAP (git-fixes). - media: i2c: Correct format propagation for st-mipid02 (git-fixes). - media: usb: Check az6007_read() return value (git-fixes). - media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes). - media: venus: helpers: Fix ALIGN() of non power of two (git-fixes). - media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes). - memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905). - mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes). - mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes). - net: mana: Add support for vlan tagging (bsc#1212301). - net: phy: prevent stale pointer dereference in phy_init() (git-fixes). - ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes). - ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes). - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes). - ntb: ntb_tool: Add check for devm_kcalloc (git-fixes). - ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes). - nvme-multipath: support io stats on the mpath device (bsc#1210565). - nvme: introduce nvme_start_request (bsc#1210565). - ocfs2: Switch to security_inode_init_security() (git-fixes). - ocfs2: check new file size on fallocate call (git-fixes). - ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes). - opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes). - phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB" (git-fixes). - phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes). - phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes). - pie: fix kernel-doc notation warning (git-fixes). - pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes). - pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes). - pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes). - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869). - powerpc/64s: Fix VAS mm use after free (bsc#1194869). - powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869). - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869). - powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869). - powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes). - powerpc/mm: Switch obsolete dssall to .long (bsc#1194869). - powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869). - powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869). - powerpc/prom_init: Fix kernel config grep (bsc#1194869). - powerpc/secvar: fix refcount leak in format_show() (bsc#1194869). - powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869). - powerpc: clean vdso32 and vdso64 directories (bsc#1194869). - powerpc: define get_cycles macro for arch-override (bsc#1194869). - powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869). - pwm: ab8500: Fix error code in probe() (git-fixes). - pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes). - pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes). - rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*. - rsi: remove kernel-doc comment marker (git-fixes). - s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259). - s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258). - s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263). - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252). - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld &lt; 2.36 (git-fixes bsc#1213264). - s390: discard .interp section (git-fixes bsc#1213247). - sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes) - sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes) - security: keys: Modify mismatched function name (git-fixes). - selftests: mptcp: depend on SYN_COOKIES (git-fixes). - selftests: mptcp: sockopt: return error if wrong mark (git-fixes). - selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes). - selftests: tc: add 'ct' action kconfig dep (git-fixes). - selftests: tc: add ConnTrack procfs kconfig (git-fixes). - selftests: tc: set timeout to 15 minutes (git-fixes). - signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869). - signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869). - smb3: do not reserve too many oplock credits (bsc#1193629). - smb3: missing null check in SMB2_change_notify (bsc#1193629). - smb: client: fix broken file attrs with nodfs mounts (bsc#1193629). - smb: client: fix missed ses refcounting (git-fixes). - smb: client: fix parsing of source mount option (bsc#1193629). - smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629). - smb: client: fix warning in CIFSFindFirst() (bsc#1193629). - smb: client: fix warning in CIFSFindNext() (bsc#1193629). - smb: client: fix warning in cifs_match_super() (bsc#1193629). - smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629). - smb: client: fix warning in generic_ip_connect() (bsc#1193629). - smb: client: improve DFS mount check (bsc#1193629). - smb: client: remove redundant pointer 'server' (bsc#1193629). - smb: delete an unnecessary statement (bsc#1193629). - smb: move client and server files to common directory fs/smb (bsc#1193629). - smb: remove obsolete comment (bsc#1193629). - soundwire: qcom: fix storing port config out-of-bounds (git-fixes). - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes). - spi: bcm63xx: fix max prepend length (git-fixes). - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes). - tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes). - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - ubi: ensure that VID header offset + VID header size &lt;= alloc, size (bsc#1210584). - udf: Avoid double brelse() in udf_rename() (bsc#1213032). - udf: Define EFSCORRUPTED error code (bsc#1213038). - udf: Detect system inodes linked into directory hierarchy (bsc#1213114). - udf: Discard preallocation before extending file with a hole (bsc#1213036). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035). - udf: Do not bother merging very long extents (bsc#1213040). - udf: Do not update file length for failed writes to inline files (bsc#1213041). - udf: Fix error handling in udf_new_inode() (bsc#1213112). - udf: Fix extending file within last block (bsc#1213037). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034). - udf: Preserve link count of system files (bsc#1213113). - udf: Truncate added extents on failed expansion (bsc#1213039). - wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes). - wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes). - wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes). - wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes). - wl3501_cs: use eth_hw_addr_set() (git-fixes). - writeback: fix call of incorrect macro (bsc#1213024). - x86: Fix .brk attribute in linker script (git-fixes). - xfs: AIL needs asynchronous CIL forcing (bsc#1211811). - xfs: CIL work is serialised, not pipelined (bsc#1211811). - xfs: XLOG_STATE_IOERROR must die (bsc#1211811). - xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811). - xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811). - xfs: clean up the rtbitmap fsmap backend (git-fixes). - xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes). - xfs: do not reverse order of items in bulk AIL insertion (git-fixes). - xfs: do not run shutdown callbacks on active iclogs (bsc#1211811). - xfs: drop async cache flushes from CIL commits (bsc#1211811). - xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811). - xfs: fix getfsmap reporting past the last rt extent (git-fixes). - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes). - xfs: fix interval filtering in multi-step fsmap queries (git-fixes). - xfs: fix logdev fsmap query result filtering (git-fixes). - xfs: fix off-by-one error when the last rt extent is in use (git-fixes). - xfs: fix uninitialized variable access (git-fixes). - xfs: make fsmap backend function key parameters const (git-fixes). - xfs: make the record pointer passed to query_range functions const (git-fixes). - xfs: move the CIL workqueue to the CIL (bsc#1211811). - xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811). - xfs: order CIL checkpoint start records (bsc#1211811). - xfs: pass a CIL context to xlog_write() (bsc#1211811). - xfs: pass explicit mount pointer to rtalloc query functions (git-fixes). - xfs: rework xlog_state_do_callback() (bsc#1211811). - xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811). - xfs: separate out log shutdown callback processing (bsc#1211811). - xfs: wait iclog complete before tearing down AIL (bsc#1211811). - xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes). - xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes). - xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes). kernel-default-5.14.21-150400.24.74.1.nosrc.rpm True kernel-default-5.14.21-150400.24.74.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3.src.rpm True kernel-default-base-5.14.21-150400.24.74.1.150400.24.33.3.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.74.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.74.1.noarch.rpm True kernel-macros-5.14.21-150400.24.74.1.noarch.rpm True kernel-source-5.14.21-150400.24.74.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3388 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for binutils fixes the following issues: - Add `binutils-disable-dt-relr.sh` to address compatibility problems with the glibc version included in future SUSE Linux Enterprise releases (bsc#1213282, jsc#PED-1435) binutils-2.39-150100.7.43.2.src.rpm binutils-2.39-150100.7.43.2.x86_64.rpm binutils-devel-2.39-150100.7.43.2.x86_64.rpm libctf-nobfd0-2.39-150100.7.43.2.x86_64.rpm libctf0-2.39-150100.7.43.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3022 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: - CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286). kernel-firmware-20220509-150400.4.19.1.src.rpm True kernel-firmware-all-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.19.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.19.1.noarch.rpm True ucode-amd-20220509-150400.4.19.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3352 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for strongswan fixes the following issues: strongswan was updated to version 5.9.11 (jsc#PED-4589) - Removed Marvell auth-els patch that caused stability issues (bsc#1211715) - Fixed strongswan fails IPSEC IKEv2 test related to the USGv6 certification (bsc#1211711) - Version 5.9.11 changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.11 strongswan-5.9.11-150400.19.14.1.src.rpm strongswan-5.9.11-150400.19.14.1.x86_64.rpm strongswan-doc-5.9.11-150400.19.14.1.noarch.rpm strongswan-hmac-5.9.11-150400.19.14.1.x86_64.rpm strongswan-ipsec-5.9.11-150400.19.14.1.x86_64.rpm strongswan-libs0-5.9.11-150400.19.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3231 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update ships grpc to the Basesystem module, as dependency for open-vm-tools container info plugin. (jsc#PED-4509) grpc-1.25.0-150200.3.7.1.src.rpm libgrpc++1-1.25.0-150200.3.7.1.x86_64.rpm libgrpc8-1.25.0-150200.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3287 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8298676: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed - JDK-8178806: Better exception logging in crypto code - JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out - JDK-8209167: Use CLDR's time zone mappings for Windows - JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx - JDK-8209880: tzdb.dat is not reproducibly built - JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails - JDK-8214459: NSS source should be removed - JDK-8214807: Improve handling of very old class files - JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests - JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded - JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException - JDK-8243936: NonWriteable system properties are actually writeable - JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider - JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence - JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation - JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer - JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer - JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped - JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java - JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282467: add extra diagnostics for JDK-8268184 - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 - JDK-8285497: Add system property for Java SE specification maintenance version - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8289301: P11Cipher should not throw out of bounds exception during padding - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8293232: Fix race condition in pkcs11 SessionManager - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation - JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300205: Swing test bug8078268 make latch timeout configurable - JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 - JDK-8301119: Support for GB18030-2022 - JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns - JDK-8301401: Allow additional characters for GB18030-2022 support - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20 - JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305528: [11u] Backport of JDK-8259530 breaks build with JDK10 bootstrap VM - JDK-8305682: Update the javadoc in the Character class to state support for GB 18030-2022 Implementation Level 2 - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8306543: GHA: MSVC installation is failing - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8307134: Add GTS root CAs - JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest fails after backport of JDK-8303861 - JDK-8308006: Missing NMT memory tagging in CMS - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java fails intermittently - JDK-8311465: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20 java-11-openjdk-11.0.20.0-150000.3.99.1.src.rpm java-11-openjdk-11.0.20.0-150000.3.99.1.x86_64.rpm java-11-openjdk-demo-11.0.20.0-150000.3.99.1.x86_64.rpm java-11-openjdk-devel-11.0.20.0-150000.3.99.1.x86_64.rpm java-11-openjdk-headless-11.0.20.0-150000.3.99.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3152 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-users fixes the following issues: - Allow to edit NIS master server databases (bsc#1206627) - Update to version 4.4.15 yast2-users-4.4.15-150400.3.15.1.src.rpm yast2-users-4.4.15-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3397 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) libopenssl-1_1-devel-1.1.1l-150400.7.53.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.53.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.53.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.53.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.53.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.53.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.53.1.src.rpm openssl-1_1-1.1.1l-150400.7.53.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3274 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for man fixes the following issues: - Avoid refreshing database by inverting exit status of find command (bsc#1155879) man-2.7.6-150100.8.3.1.src.rpm man-2.7.6-150100.8.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3275 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apparmor fixes the following issues: - Add pam_apparmor README (bsc#1213472) apparmor-3.0.4-150400.5.6.1.src.rpm apparmor-abstractions-3.0.4-150400.5.6.1.noarch.rpm apparmor-docs-3.0.4-150400.5.6.1.noarch.rpm apparmor-parser-3.0.4-150400.5.6.1.x86_64.rpm apparmor-parser-lang-3.0.4-150400.5.6.1.noarch.rpm apparmor-profiles-3.0.4-150400.5.6.1.noarch.rpm apparmor-utils-3.0.4-150400.5.6.1.noarch.rpm apparmor-utils-lang-3.0.4-150400.5.6.1.noarch.rpm libapparmor-3.0.4-150400.5.6.1.src.rpm libapparmor-devel-3.0.4-150400.5.6.1.x86_64.rpm libapparmor1-3.0.4-150400.5.6.1.x86_64.rpm libapparmor1-32bit-3.0.4-150400.5.6.1.x86_64.rpm pam_apparmor-3.0.4-150400.5.6.1.x86_64.rpm pam_apparmor-32bit-3.0.4-150400.5.6.1.x86_64.rpm python3-apparmor-3.0.4-150400.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3438 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ghostscript fixes the following issues: - CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637). ghostscript-9.52-150000.170.1.src.rpm ghostscript-9.52-150000.170.1.x86_64.rpm ghostscript-devel-9.52-150000.170.1.x86_64.rpm ghostscript-x11-9.52-150000.170.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3214 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sssd fixes the following issues: - Fix sssd entering failed state under heavy load (bsc#1213283) libipa_hbac-devel-2.5.2-150400.4.14.1.x86_64.rpm libipa_hbac0-2.5.2-150400.4.14.1.x86_64.rpm libsss_certmap-devel-2.5.2-150400.4.14.1.x86_64.rpm libsss_certmap0-2.5.2-150400.4.14.1.x86_64.rpm libsss_idmap-devel-2.5.2-150400.4.14.1.x86_64.rpm libsss_idmap0-2.5.2-150400.4.14.1.x86_64.rpm libsss_nss_idmap-devel-2.5.2-150400.4.14.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150400.4.14.1.x86_64.rpm libsss_simpleifp-devel-2.5.2-150400.4.14.1.x86_64.rpm libsss_simpleifp0-2.5.2-150400.4.14.1.x86_64.rpm python3-sssd-config-2.5.2-150400.4.14.1.x86_64.rpm sssd-2.5.2-150400.4.14.1.src.rpm sssd-2.5.2-150400.4.14.1.x86_64.rpm sssd-ad-2.5.2-150400.4.14.1.x86_64.rpm sssd-common-2.5.2-150400.4.14.1.x86_64.rpm sssd-common-32bit-2.5.2-150400.4.14.1.x86_64.rpm sssd-dbus-2.5.2-150400.4.14.1.x86_64.rpm sssd-ipa-2.5.2-150400.4.14.1.x86_64.rpm sssd-kcm-2.5.2-150400.4.14.1.x86_64.rpm sssd-krb5-2.5.2-150400.4.14.1.x86_64.rpm sssd-krb5-common-2.5.2-150400.4.14.1.x86_64.rpm sssd-ldap-2.5.2-150400.4.14.1.x86_64.rpm sssd-proxy-2.5.2-150400.4.14.1.x86_64.rpm sssd-tools-2.5.2-150400.4.14.1.x86_64.rpm sssd-winbind-idmap-2.5.2-150400.4.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3335 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ipmitool fixes the following issues: - ipmitool duplicates the timestamp (bsc#1213390) ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1.src.rpm ipmitool-1.8.18.238.gb7adc1d-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3023 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 (July 2023 CPU): - CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473). - CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474). - CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475). - CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479). - CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481). - CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482). - CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922). - JDK-8294323: Improve Shared Class Data - JDK-8296565: Enhanced archival support - JDK-8298676, JDK-8300891: Enhanced Look and Feel - JDK-8300285: Enhance TLS data handling - JDK-8300596: Enhance Jar Signature validation - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 - JDK-8302475: Enhance HTTP client file downloading - JDK-8302483: Enhance ZIP performance - JDK-8303376: Better launching of JDI - JDK-8304460: Improve array usages - JDK-8304468: Better array usages - JDK-8305312: Enhanced path handling - JDK-8308682: Enhance AES performance Bugfixes: - JDK-8178806: Better exception logging in crypto code - JDK-8201516: DebugNonSafepoints generates incorrect information - JDK-8224768: Test ActalisCA.java fails - JDK-8227060: Optimize safepoint cleanup subtask order - JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel - JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java doesn' initialize eName - JDK-8245877: assert(_value != __null) failed: resolving NULL _value in JvmtiExport::post_compiled_method_load - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken - JDK-8252990: Intrinsify Unsafe.storeStoreFence - JDK-8254711: Add java.security.Provider.getService JFR Event - JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates - JDK-8261495: Shenandoah: reconsider update references memory ordering - JDK-8268288: jdk/jfr/api/consumer/streaming/ /TestOutOfProcessMigration.java fails with "Error: ShouldNotReachHere()" - JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java fails: unexpected log message - JDK-8268582: javadoc throws NPE with --ignore-source-errors option - JDK-8269821: Remove is-queue-active check in inner loop of write_ref_array_pre_work - JDK-8270434: JDI+UT: Unexpected event in JDI tests - JDK-8270859: Post JEP 411 refactoring: client libs with maximum covering > 10K - JDK-8270869: G1ServiceThread may not terminate - JDK-8271519: java/awt/event/SequencedEvent/ /MultipleContextsFunctionalTest.java failed with "Total [200] - Expected [400]" - JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can still fail with "ERROR: new event is not ThreadStartEvent" - JDK-8274243: Implement fast-path for ASCII-compatible CharsetEncoders on aarch64 - JDK-8274615: Support relaxed atomic add for linux-aarch64 - JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile - JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression - JDK-8275287: Relax memory ordering constraints on updating instance class and array class counters - JDK-8275721: Name of UTC timezone in a locale changes depending on previous code - JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) - JDK-8276058: Some swing test fails on specific CI macos system - JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/ /bug6276188.java fails to compile after JDK-8276058 - JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 - JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly identify it as pause - JDK-8278434: timeouts in test java/time/test/java/time/ /format/TestZoneTextPrinterParser.java - JDK-8278834: Error "Cannot read field "sym" because "this.lvar[od]" is null" when compiling - JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error - JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test - JDK-8282227: Locale information for nb is not working properly - JDK-8282704: runtime/Thread/StopAtExit.java may leak memory - JDK-8283057: Update GCC to version 11.2.0 for Oracle builds on Linux - JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2 - JDK-8283520: JFR: Memory leak in dcmd_arena - JDK-8283566: G1: Improve G1BarrierSet::enqueue performance - JDK-8284331: Add sanity check for signal handler modification warning. - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel - JDK-8285987: executing shell scripts without #! fails on Alpine linux - JDK-8286191: misc tests fail due to JDK-8285987 - JDK-8286287: Reading file as UTF-16 causes Error which "shouldn't happen" - JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator - JDK-8286346: 3-parameter version of AllocateHeap should not ignore AllocFailType - JDK-8286398: Address possibly lossy conversions in jdk.internal.le - JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code - JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider - JDK-8287541: Files.writeString fails to throw IOException for charset "windows-1252" - JDK-8287854: Dangling reference in ClassVerifier::verify_class - JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable - JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md with information on 4th party dependencies - JDK-8288589: Files.readString ignores encoding errors for UTF-16 - JDK-8289509: Improve test coverage for XPath Axes: descendant, descendant-or-self, following, following-sibling - JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space - JDK-8289949: Improve test coverage for XPath: operators - JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately - JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage() is lower than expected - JDK-8292301: [REDO v2] C2 crash when allocating array of size too large - JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests resilience under spurious failures - JDK-8292713: Unsafe.allocateInstance should be intrinsified without UseUnalignedAccesses - JDK-8292755: Non-default method in interface leads to a stack overflow in JShell - JDK-8292990: Improve test coverage for XPath Axes: parent - JDK-8293295: Add type check asserts to java_lang_ref_Reference accessors - JDK-8293492: ShenandoahControlThread missing from hs-err log and thread dump - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c - JDK-8294183: AArch64: Wrong macro check in SharedRuntime::generate_deopt_blob - JDK-8294281: Allow warnings to be disabled on a per-file basis - JDK-8294673: JFR: Add SecurityProviderService#threshold to TestActiveSettingEvent.java - JDK-8294717: (bf) DirectByteBuffer constructor will leak if allocating Deallocator or Cleaner fails with OOME - JDK-8294906: Memory leak in PKCS11 NSS TLS server - JDK-8295564: Norwegian Nynorsk Locale is missing formatting - JDK-8295974: jni_FatalError and Xcheck:jni warnings should print the native stack when there are no Java frames - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM - JDK-8296318: use-def assert: special case undetected loops nested in infinite loops - JDK-8296343: CPVE thrown on missing content-length in OCSP response - JDK-8296412: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - JDK-8296545: C2 Blackholes should allow load optimizations - JDK-8296934: Write a test to verify whether Undecorated Frame can be iconified or not - JDK-8297000: [jib] Add more friendly warning for proxy issues - JDK-8297154: Improve safepoint cleanup logging - JDK-8297450: ScaledTextFieldBorderTest.java fails when run with -show parameter - JDK-8297587: Upgrade JLine to 3.22.0 - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs - JDK-8298488: [macos13] tools/jpackage tests failing with "Exit code: 137" on macOS - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors - JDK-8299179: ArrayFill with store on backedge needs to reduce length by 1 - JDK-8299259: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - JDK-8299544: Improve performance of CRC32C intrinsics (non-AVX-512) for small inputs - JDK-8299570: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - JDK-8299959: C2: CmpU::Value must filter overflow computation against local sub computation - JDK-8300042: Improve CPU related JFR events descriptions - JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - JDK-8300823: UB: Compile::_phase_optimize_finished is initialized too late - JDK-8300939: sun/security/provider/certpath/OCSP/ /OCSPNoContentLength.java fails due to network errors - JDK-8301050: Detect Xen Virtualization on Linux aarch64 - JDK-8301119: Support for GB18030-2022 - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - JDK-8301190: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - JDK-8301216: ForkJoinPool invokeAll() ignores timeout - JDK-8301338: Identical branch conditions in CompileBroker::print_heapinfo - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - JDK-8301637: ThreadLocalRandom.current().doubles().parallel() contention - JDK-8301661: Enhance os::pd_print_cpu_info on macOS and Windows - JDK-8302151: BMPImageReader throws an exception reading BMP images - JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - JDK-8302320: AsyncGetCallTrace obtains too few frames in sanity test - JDK-8302491: NoClassDefFoundError omits the original cause of an error - JDK-8302508: Add timestamp to the output TraceCompilerThreads - JDK-8302594: use-after-free in Node::destruct - JDK-8302595: use-after-free related to GraphKit::clone_map - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message - JDK-8302849: SurfaceManager might expose partially constructed object - JDK-8303069: Memory leak in CompilerOracle::parse_from_line - JDK-8303102: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - JDK-8303130: Document required Accessibility permissions on macOS - JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8 - JDK-8303440: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id - JDK-8303465: KeyStore of type KeychainStore, provider Apple does not show all trusted certificates - JDK-8303476: Add the runtime version in the release file of a JDK image - JDK-8303482: Update LCMS to 2.15 - JDK-8303508: Vector.lane() gets wrong value on x86 - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling - JDK-8303564: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi - JDK-8303575: adjust Xen handling on Linux aarch64 - JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return - JDK-8303588: [JVMCI] make JVMCI source directories conform with standard layout - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl - JDK-8303822: gtestMain should give more helpful output - JDK-8303861: Error handling step timeouts should never be blocked by OnError and others - JDK-8303937: Corrupted heap dumps due to missing retries for os::write() - JDK-8303949: gcc10 warning Linux ppc64le - note: the layout of aggregates containing vectors with 8-byte alignment has changed in GCC 5 - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed - JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java fails when checking LD_LIBRARY_PATH - JDK-8304134: jib bootstrapper fails to quote filename when checking download filetype - JDK-8304291: [AIX] Broken build after JDK-8301998 - JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998 - JDK-8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - JDK-8304671: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - JDK-8304683: Memory leak in WB_IsMethodCompatible - JDK-8304760: Add 2 Microsoft TLS roots - JDK-8304867: Explicitly disable dtrace for ppc builds - JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with ZGC - JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic - JDK-8305113: (tz) Update Timezone Data to 2023c - JDK-8305400: ISO 4217 Amendment 175 Update - JDK-8305403: Shenandoah evacuation workers may deadlock - JDK-8305481: gtest is_first_C_frame failing on ARM - JDK-8305690: [X86] Do not emit two REX prefixes in Assembler::prefix - JDK-8305711: Arm: C2 always enters slowpath for monitorexit - JDK-8305721: add `make compile-commands` artifacts to .gitignore - JDK-8305975: Add TWCA Global Root CA - JDK-8305993: Add handleSocketErrorWithMessage to extend nio Net.c exception message - JDK-8305994: Guarantee eventual async monitor deflation - JDK-8306072: Open source several AWT MouseInfo related tests - JDK-8306133: Open source few AWT Drag & Drop related tests - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests - JDK-8306432: Open source several AWT Text Component related tests - JDK-8306466: Open source more AWT Drag & Drop related tests - JDK-8306489: Open source AWT List related tests - JDK-8306543: GHA: MSVC installation is failing - JDK-8306640: Open source several AWT TextArea related tests - JDK-8306652: Open source AWT MenuItem related tests - JDK-8306658: GHA: MSVC installation could be optional since it might already be pre-installed - JDK-8306664: GHA: Update MSVC version to latest stepping - JDK-8306681: Open source more AWT DnD related tests - JDK-8306683: Open source several clipboard and color AWT tests - JDK-8306752: Open source several container and component AWT tests - JDK-8306753: Open source several container AWT tests - JDK-8306755: Open source few Swing JComponent and AbstractButton tests - JDK-8306768: CodeCache Analytics reports wrong threshold - JDK-8306774: Make runtime/Monitor/ /GuaranteedAsyncDeflationIntervalTest.java more reliable - JDK-8306825: Monitor deflation might be accidentally disabled by zero intervals - JDK-8306850: Open source AWT Modal related tests - JDK-8306871: Open source more AWT Drag & Drop tests - JDK-8306883: Thread stacksize is reported with wrong units in os::create_thread logging - JDK-8306941: Open source several datatransfer and dnd AWT tests - JDK-8306943: Open source several dnd AWT tests - JDK-8306954: Open source five Focus related tests - JDK-8306955: Open source several JComboBox jtreg tests - JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep - JDK-8306996: Open source Swing MenuItem related tests - JDK-8307080: Open source some more JComboBox jtreg tests - JDK-8307128: Open source some drag and drop tests 4 - JDK-8307130: Open source few Swing JMenu tests - JDK-8307133: Open source some JTable jtreg tests - JDK-8307134: Add GTS root CAs - JDK-8307135: java/awt/dnd/NotReallySerializableTest/ /NotReallySerializableTest.java failed - JDK-8307331: Correctly update line maps when class redefine rewrites bytecodes - JDK-8307346: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could leave files owned by root on macOS - JDK-8307378: Allow collectors to provide specific values for GC notifications' actions - JDK-8307381: Open Source JFrame, JIF related Swing Tests - JDK-8307425: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause - JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not removed from ExternalEditorTest - JDK-8308880: [17u] micro bench ZoneStrings missed in backport of 8278434 - JDK-8308884: [17u/11u] Backout JDK-8297951 - JDK-8311467: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8 java-17-openjdk-17.0.8.0-150400.3.27.1.src.rpm java-17-openjdk-17.0.8.0-150400.3.27.1.x86_64.rpm java-17-openjdk-demo-17.0.8.0-150400.3.27.1.x86_64.rpm java-17-openjdk-devel-17.0.8.0-150400.3.27.1.x86_64.rpm java-17-openjdk-headless-17.0.8.0-150400.3.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3814 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) glibc-2.31-150300.58.1.src.rpm glibc-2.31-150300.58.1.x86_64.rpm glibc-devel-2.31-150300.58.1.x86_64.rpm glibc-extra-2.31-150300.58.1.x86_64.rpm glibc-i18ndata-2.31-150300.58.1.noarch.rpm glibc-info-2.31-150300.58.1.noarch.rpm glibc-lang-2.31-150300.58.1.noarch.rpm glibc-locale-2.31-150300.58.1.x86_64.rpm glibc-locale-base-2.31-150300.58.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.58.1.x86_64.rpm glibc-profile-2.31-150300.58.1.x86_64.rpm nscd-2.31-150300.58.1.x86_64.rpm glibc-32bit-2.31-150300.58.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3288 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. python-apipkg-1.4-150000.3.6.1.src.rpm python3-apipkg-1.4-150000.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3312 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - revert change to rule aide_periodic_cron_checking that broke the SLE hardening aide part that has incorrect dependencies (bsc#1213691) scap-security-guide-0.1.68-150000.1.62.1.noarch.rpm scap-security-guide-0.1.68-150000.1.62.1.src.rpm scap-security-guide-debian-0.1.68-150000.1.62.1.noarch.rpm scap-security-guide-redhat-0.1.68-150000.1.62.1.noarch.rpm scap-security-guide-ubuntu-0.1.68-150000.1.62.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3199 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.0+48.g64a3e9: - Add getter for subsystem iopolicy (bsc#1124564) - Avoid warning in 'list-subsys' (bsc#1212598) - Update Get Log Page code (bsc#1213618) - Fix counter while looping through uuid_list (bsc#1213644) libnvme-1.0+48.g707b7a-150400.3.24.1.src.rpm libnvme-devel-1.0+48.g707b7a-150400.3.24.1.x86_64.rpm libnvme1-1.0+48.g707b7a-150400.3.24.1.x86_64.rpm nvme-cli-2.0+47.ga43da6-150400.3.21.1.src.rpm nvme-cli-2.0+47.ga43da6-150400.3.21.1.x86_64.rpm nvme-cli-bash-completion-2.0+47.ga43da6-150400.3.21.1.x86_64.rpm nvme-cli-zsh-completion-2.0+47.ga43da6-150400.3.21.1.x86_64.rpm python3-libnvme-1.0+48.g707b7a-150400.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3611 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add "quilt setup" friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) brlapi-devel-6.4-150400.4.3.3.x86_64.rpm brltty-6.4-150400.4.3.3.src.rpm libbrlapi0_8-6.4-150400.4.3.3.x86_64.rpm libpulse-devel-15.0-150400.4.2.2.x86_64.rpm libpulse-mainloop-glib0-15.0-150400.4.2.2.x86_64.rpm libpulse0-15.0-150400.4.2.2.x86_64.rpm pulseaudio-15.0-150400.4.2.2.src.rpm python3-brlapi-6.4-150400.4.3.3.x86_64.rpm system-user-brltty-6.4-150400.4.3.3.noarch.rpm sysuser-shadow-3.2-150400.3.5.3.noarch.rpm sysuser-tools-3.2-150400.3.5.3.src.rpm system-user-pulse-15.0-150400.4.2.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3371 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) liblognorm-2.0.6-150000.3.3.1.src.rpm liblognorm-devel-2.0.6-150000.3.3.1.x86_64.rpm liblognorm5-2.0.6-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3353 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for re2c fixes the following issues: - CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890). re2c-1.0.3-150000.3.3.1.src.rpm re2c-1.0.3-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3514 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: - Fix occasional isue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) libzypp-17.31.20-150400.3.40.1.src.rpm True libzypp-17.31.20-150400.3.40.1.x86_64.rpm True libzypp-devel-17.31.20-150400.3.40.1.x86_64.rpm True zypper-1.14.63-150400.3.29.1.src.rpm True zypper-1.14.63-150400.3.29.1.x86_64.rpm True zypper-log-1.14.63-150400.3.29.1.noarch.rpm True zypper-needs-restarting-1.14.63-150400.3.29.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3430 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-firstboot fixes the following issues: - Adapt users client to the changes in yast2-users fixing an issue when modification NIS users is not possible. (bsc#1206627) yast2-firstboot-4.4.12-150400.3.12.1.noarch.rpm yast2-firstboot-4.4.12-150400.3.12.1.src.rpm yast2-firstboot-wsl-4.4.12-150400.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3451 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The "systemd --user" instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) libsystemd0-249.16-150400.8.33.1.x86_64.rpm True libsystemd0-32bit-249.16-150400.8.33.1.x86_64.rpm True libudev1-249.16-150400.8.33.1.x86_64.rpm True libudev1-32bit-249.16-150400.8.33.1.x86_64.rpm True systemd-249.16-150400.8.33.1.src.rpm True systemd-249.16-150400.8.33.1.x86_64.rpm True systemd-container-249.16-150400.8.33.1.x86_64.rpm True systemd-coredump-249.16-150400.8.33.1.x86_64.rpm True systemd-devel-249.16-150400.8.33.1.x86_64.rpm True systemd-doc-249.16-150400.8.33.1.x86_64.rpm True systemd-lang-249.16-150400.8.33.1.noarch.rpm True systemd-sysvinit-249.16-150400.8.33.1.x86_64.rpm True udev-249.16-150400.8.33.1.x86_64.rpm True systemd-32bit-249.16-150400.8.33.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3470 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) libparted0-3.2-150300.21.3.1.x86_64.rpm parted-3.2-150300.21.3.1.src.rpm parted-3.2-150300.21.3.1.x86_64.rpm parted-devel-3.2-150300.21.3.1.x86_64.rpm parted-lang-3.2-150300.21.3.1.noarch.rpm libparted0-32bit-3.2-150300.21.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3386 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdb fixes the following issues: - Downgrade cpp requires to recommends (bsc#1211267) xrdb-1.1.0-150000.3.7.1.src.rpm xrdb-1.1.0-150000.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3509 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xdm fixes the following issues: - Requires cpp because it uses preprocessor directives in Xresources (bsc#1211267) xdm-1.1.11-150400.25.3.1.src.rpm xdm-1.1.11-150400.25.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3270 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) vim-9.0.1572-150000.5.49.1.src.rpm vim-9.0.1572-150000.5.49.1.x86_64.rpm vim-data-9.0.1572-150000.5.49.1.noarch.rpm vim-data-common-9.0.1572-150000.5.49.1.noarch.rpm vim-small-9.0.1572-150000.5.49.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3261 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for netcontrol fixes the following issues: - Fix EOF handling in xml-reader to avoid `virsh iface-*` commands hang on aarch64 (bsc#1213349) libnetcontrol-devel-0.3.2-150200.10.8.1.x86_64.rpm libnetcontrol0-0.3.2-150200.10.8.1.x86_64.rpm netcontrol-0.3.2-150200.10.8.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3245 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for keylime fixes the following issues: - CVE-2023-38200: Fixed a DoS attack against it's SSL connections. (bsc#1213310) keylime-6.3.2-150400.4.17.1.src.rpm keylime-agent-6.3.2-150400.4.17.1.noarch.rpm keylime-config-6.3.2-150400.4.17.1.noarch.rpm keylime-firewalld-6.3.2-150400.4.17.1.noarch.rpm keylime-logrotate-6.3.2-150400.4.17.1.noarch.rpm keylime-registrar-6.3.2-150400.4.17.1.noarch.rpm keylime-tpm_cert_store-6.3.2-150400.4.17.1.noarch.rpm keylime-verifier-6.3.2-150400.4.17.1.noarch.rpm python3-keylime-6.3.2-150400.4.17.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3244 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) libopenssl-3-devel-3.0.8-150400.4.34.1.x86_64.rpm libopenssl3-3.0.8-150400.4.34.1.x86_64.rpm openssl-3-3.0.8-150400.4.34.1.src.rpm openssl-3-3.0.8-150400.4.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3292 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039) libpoppler89-0.79.0-150200.3.14.1.x86_64.rpm poppler-0.79.0-150200.3.14.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3221 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-base fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). - CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131). gstreamer-plugins-base-1.20.1-150400.3.3.1.src.rpm gstreamer-plugins-base-1.20.1-150400.3.3.1.x86_64.rpm gstreamer-plugins-base-devel-1.20.1-150400.3.3.1.x86_64.rpm gstreamer-plugins-base-lang-1.20.1-150400.3.3.1.noarch.rpm libgstallocators-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstapp-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstaudio-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstfft-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstgl-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstpbutils-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstriff-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstrtp-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstrtsp-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstsdp-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgsttag-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstvideo-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstApp-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstAudio-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstGL-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstRtp-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstSdp-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstTag-1_0-1.20.1-150400.3.3.1.x86_64.rpm typelib-1_0-GstVideo-1_0-1.20.1-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3219 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-good fixes the following issues: - CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128). gstreamer-plugins-good-1.20.1-150400.3.6.1.src.rpm gstreamer-plugins-good-1.20.1-150400.3.6.1.x86_64.rpm gstreamer-plugins-good-lang-1.20.1-150400.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3220 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow (bsc#1213126). gstreamer-plugins-bad-1.20.1-150400.3.3.1.src.rpm libgstphotography-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstplay-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm libgstplayer-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3238 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bluez fixes the following issues: - CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760) bluez-5.62-150400.4.16.1.src.rpm bluez-5.62-150400.4.16.1.x86_64.rpm bluez-deprecated-5.62-150400.4.16.1.x86_64.rpm libbluetooth3-5.62-150400.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3234 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968). - CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414). - CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). qemu-6.2.0-150400.37.20.1.src.rpm qemu-tools-6.2.0-150400.37.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3313 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling" (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). The following non-security bugs were fixed: - afs: Fix access after dec in put functions (git-fixes). - afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes). - afs: Fix dynamic root getattr (git-fixes). - afs: Fix fileserver probe RTT handling (git-fixes). - afs: Fix infinite loop found by xfstest generic/676 (git-fixes). - afs: Fix lost servers_outstanding count (git-fixes). - afs: Fix server->active leak in afs_put_server (git-fixes). - afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes). - afs: Fix updating of i_size with dv jump from server (git-fixes). - afs: Fix vlserver probe RTT handling (git-fixes). - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes). - afs: Use refcount_t rather than atomic_t (git-fixes). - afs: Use the operation issue time instead of the reply time for callbacks (git-fixes). - afs: adjust ack interpretation to try and cope with nat (git-fixes). - alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes). - alsa: hda/realtek: support asus g713pv laptop (git-fixes). - alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes). - alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129). - alsa: usb-audio: update for native dsd support quirks (git-fixes). - asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes). - asoc: codecs: es8316: fix dmic config (git-fixes). - asoc: da7219: check for failure reading aad irq events (git-fixes). - asoc: da7219: flush pending aad irq when suspending (git-fixes). - asoc: fsl_sai: disable bit clock with transmitter (git-fixes). - asoc: fsl_spdif: silence output on stop (git-fixes). - asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes). - asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes). - ata: pata_ns87415: mark ns87560_tf_read static (git-fixes). - block, bfq: Fix division by zero error on zero wsum (bsc#1213653). - block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes). - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes). - ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856). - coda: Avoid partial allocation of sig_inputArgs (git-fixes). - dlm: fix missing lkb refcount handling (git-fixes). - dlm: fix plock invalid read (git-fixes). - documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes). - drm/amd/display: Disable MPC split by default on special asic (git-fixes). - drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes). - drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes). - drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes). - drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes). - drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes). - drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes). - file: always lock position for FMODE_ATOMIC_POS (bsc#1213759). - fs: dlm: add midcomms init/start functions (git-fixes). - fs: dlm: do not set stop rx flag after node reset (git-fixes). - fs: dlm: filter user dlm messages for kernel locks (git-fixes). - fs: dlm: fix log of lowcomms vs midcomms (git-fixes). - fs: dlm: fix race between test_bit() and queue_work() (git-fixes). - fs: dlm: fix race in lowcomms (git-fixes). - fs: dlm: handle -EBUSY first in lock arg validation (git-fixes). - fs: dlm: move sending fin message into state change handling (git-fixes). - fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes). - fs: dlm: return positive pid value for F_GETLK (git-fixes). - fs: dlm: start midcomms before scand (git-fixes). - fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes). - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes). - fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes). - fs: jfs: fix null-ptr-deref read in txbegin (git-fixes). - gve: Set default duplex configuration to full (git-fixes). - gve: unify driver name usage (git-fixes). - hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes). - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes). - iavf: Fix out-of-bounds when setting channels on remove (git-fixes). - iavf: Fix use-after-free in free_netdev (git-fixes). - iavf: use internal state to free traffic IRQs (git-fixes). - igc: Check if hardware TX timestamping is enabled earlier (git-fixes). - igc: Enable and fix RX hash usage by netstack (git-fixes). - igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes). - igc: Fix inserting of empty frame for launchtime (git-fixes). - igc: Fix launchtime before start of cycle (git-fixes). - igc: Fix race condition in PTP tx code (git-fixes). - igc: Handle PPS start time programming for past time values (git-fixes). - igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes). - igc: Remove delay during TX ring configuration (git-fixes). - igc: Work around HW bug causing missing timestamps (git-fixes). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes). - input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes). - input: iqs269a - do not poll during ati (git-fixes). - input: iqs269a - do not poll during suspend or resume (git-fixes). - jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes). - jffs2: fix memory leak in jffs2_do_fill_super (git-fixes). - jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes). - jffs2: fix memory leak in jffs2_scan_medium (git-fixes). - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes). - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes). - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes). - kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes) - kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620) - kvm: do not null dereference ops->destroy (git-fixes) - kvm: downgrade two bug_ons to warn_on_once (git-fixes) - kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes) - kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867). - kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes). - kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes). - kvm: vmx: restore vmx_vmexit alignment (git-fixes). - kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes). - libceph: harden msgr2.1 frame segment length checks (bsc#1213857). - media: staging: atomisp: select V4L2_FWNODE (git-fixes). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585). - net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes). - net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901). - net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901). - net: phy: marvell10g: fix 88x3310 power up (git-fixes). - nfsd: add encoding of op_recall flag for write delegation (git-fixes). - nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes). - nfsd: fix sparse warning (git-fixes). - nfsd: remove open coding of string copy (git-fixes). - nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes). - nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes). - nvme-pci: fix DMA direction of unmapping integrity data (git-fixes). - nvme-pci: remove nvme_queue from nvme_iod (git-fixes). - octeontx-af: fix hardware timestamp configuration (git-fixes). - octeontx2-af: Move validation of ptp pointer before its usage (git-fixes). - octeontx2-pf: Add additional check for MCAM rules (git-fixes). - phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes). - pinctrl: amd: Do not show `Invalid config param` errors (git-fixes). - pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes). - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes). - rdma/bnxt_re: fix hang during driver unload (git-fixes) - rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes) - rdma/core: update cma destination address on rdma_resolve_addr (git-fixes) - rdma/irdma: add missing read barriers (git-fixes) - rdma/irdma: fix data race on cqp completion stats (git-fixes) - rdma/irdma: fix data race on cqp request done (git-fixes) - rdma/irdma: fix op_type reporting in cqes (git-fixes) - rdma/irdma: report correct wc error (git-fixes) - rdma/mlx4: make check for invalid flags stricter (git-fixes) - rdma/mthca: fix crash when polling cq for shared qps (git-fixes) - regmap: Account for register length in SMBus I/O limits (git-fixes). - regmap: Drop initial version of maximum transfer length fixes (git-fixes). - revert "debugfs, coccinelle: check for obsolete define_simple_attribute() usage" (git-fixes). - revert "nfsv4: retry lock on old_stateid during delegation return" (git-fixes). - revert "usb: dwc3: core: enable autoretry feature in the controller" (git-fixes). - revert "usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()" (git-fixes). - revert "usb: xhci: tegra: fix error check" (git-fixes). - revert "xhci: add quirk for host controllers that do not update endpoint dcs" (git-fixes). - rxrpc, afs: Fix selection of abort codes (git-fixes). - s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870). - s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810). - s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863). - s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871). - s390/qeth: Fix vipa deletion (git-fixes bsc#1213713). - s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715). - s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870). - scftorture: Count reschedule IPIs (git-fixes). - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756). - scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756). - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756). - scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756). - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756). - scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756). - scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756). - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756). - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756). - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756). - scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756). - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756). - scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756). - scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756). - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756). - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756). - scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756). - scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756). - scsi: lpfc: Use struct_size() helper (bsc#1213756). - scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747). - scsi: qla2xxx: Array index may go out of bound (bsc#1213747). - scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747). - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747). - scsi: qla2xxx: Correct the index of array (bsc#1213747). - scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747). - scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747). - scsi: qla2xxx: Fix TMF leak through (bsc#1213747). - scsi: qla2xxx: Fix buffer overrun (bsc#1213747). - scsi: qla2xxx: Fix command flush during TMF (bsc#1213747). - scsi: qla2xxx: Fix deletion race condition (bsc#1213747). - scsi: qla2xxx: Fix end of loop test (bsc#1213747). - scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747). - scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747). - scsi: qla2xxx: Fix session hang in gnl (bsc#1213747). - scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747). - scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747). - scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747). - scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747). - scsi: qla2xxx: Silence a static checker warning (bsc#1213747). - scsi: qla2xxx: Turn off noisy message log (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747). - scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747). - scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747). - scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747). - serial: qcom-geni: drop bogus runtime pm state update (git-fixes). - serial: sifive: Fix sifive_serial_console_setup() section (git-fixes). - soundwire: qcom: update status correctly with mask (git-fixes). - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes). - staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes). - sunrpc: always free ctxt when freeing deferred request (git-fixes). - sunrpc: double free xprt_ctxt while still in use (git-fixes). - sunrpc: fix trace_svc_register() call site (git-fixes). - sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes). - sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes). - sunrpc: remove the maximum number of retries in call_bind_status (git-fixes). - svcrdma: Prevent page release when nothing was received (git-fixes). - tpm_tis: Explicitly check for error code (git-fixes). - tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes). - ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes). - ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes). - ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes). - ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes). - ubifs: Fix build errors as symbol undefined (git-fixes). - ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes). - ubifs: Fix memory leak in alloc_wbufs() (git-fixes). - ubifs: Fix memory leak in do_rename (git-fixes). - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes). - ubifs: Fix to add refcount once page is set private (git-fixes). - ubifs: Fix wrong dirty space budget for dirty inode (git-fixes). - ubifs: Free memory for tmpfile name (git-fixes). - ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes). - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes). - ubifs: Rectify space budget for ubifs_xrename() (git-fixes). - ubifs: Rename whiteout atomically (git-fixes). - ubifs: Reserve one leb for each journal head while doing budget (git-fixes). - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes). - ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes). - ubifs: rename_whiteout: correct old_dir size computing (git-fixes). - ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes). - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes). - usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes). - usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: xhci-mtk: set the dma max_seg_size (git-fixes). - vhost: support PACKED when setting-getting vring_base (git-fixes). - vhost_net: revert upend_idx only on retriable error (git-fixes). - virtio-net: Maintain reverse cleanup order (git-fixes). - virtio_net: Fix error unwinding of XDP initialization (git-fixes). - x86/PVH: obtain VGA console info in Dom0 (git-fixes). - xen/blkfront: Only check REQ_FUA for writes (git-fixes). - xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes). kernel-default-5.14.21-150400.24.81.1.nosrc.rpm True kernel-default-5.14.21-150400.24.81.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3.src.rpm True kernel-default-base-5.14.21-150400.24.81.1.150400.24.35.3.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.81.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.81.1.noarch.rpm True kernel-macros-5.14.21-150400.24.81.1.noarch.rpm True kernel-source-5.14.21-150400.24.81.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3477 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cpuset fixes the following issues: - Fix documentation typos (bsc#1210468) cpuset-1.6.1-150100.3.6.1.noarch.rpm cpuset-1.6.1-150100.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3482 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gtk4 fixes the following issues: Version update from 4.6.0 to 4.6.9 (jsc#PED-2645, jsc#PED-2423): - Changes in 4.6.9: * GtkText: Prevent unexpected notify::direction emissions * Wayland: Fix button masks * X11: Fix some ordering problems with surface destruction * Translation updates - Changes in 4.6.8: * Input: Fix problems with input method interactions that caused dead keys not to work * GtkText: Respect the no-emoji input hint fully * GtkNotebook: + Fix an infinite loop in accessibility code + Event handling fixes * GtkFileChooser: Restore ~ and .functionality * GtkTreeView: Event handling fixes * GtkTreeListModel: Prevent possible crashes with collapsed nodes * GtkGridView: Fix issues with rubberband selection * GtkEmojiChooser: Fix navigation with arrow keys when filtered * GtkPopover: + Fix problems with focus when dismissing popovers + Fix problems with focusing editable labels in popovers * GtkStackSidebar: Improve accessible presentation * Wayland: + Make gtk_launch_uri more robust + Make monitor bounds handling more robust + Prevent shrinking clients due to wrong toplevel bounds * Flatpak: Fix file DND with the FileTransfer portal - Changes in 4.6.7: * Miscellaneous memory leak fixes * GtkTreeView: + Fix a problem with DND + Fix a problem with row selection * GtkTreePopover: Support scrolling * GtkGridView: Fix issues with rubberband selection * GtkSnapshot: Make GtkSnapshot work from bindings * X11: Fix preferred action for DND * Windows: Fix DND - Changes in 4.6.6: * Fix translations in GTKs own ui files * Wayland: + Fix a problem with the activation protocol + Don't force the HighContrast icontheme * Windows: Fix a problem with builtin icons if the hicolor icontheme is not installed - Changes in 4.6.5: * GtkFileChooser: Fix pasting text into the name field. * GtkText: Remove an assertion that is sometimes hit. * Wayland: Ensure that our cursor surfaces don't violate protocol constraints. * Accssibility: Fix a problem in the accessibility tree. - Changes in 4.6.4: * GtkFileChooser: + Fix select button sensitivity in select_folder mode. + Fix some fallout from list model porting. * GtkListView, GtkColumnView: Optimize scrolling. * print-to-file: Handle nonexisting files better in the dialog. * Avoid infinite loops in size allocation. * CSS: Optimize a case of reparenting that is important in GtkListView. * GSK: Check for half-float support before using it. * Wayland: + Ignore empty preedit updates This fixes a problem with textview scrolling. + Freeze popups when hidden. This addresses a frame rate drop- - Changes in 4.6.3: * GtkOverlay: Bring back positional style classes. * GtkFileChooser: + Prevent unwanted completion popups. + Fix small problems in save mode. + Fix buildable suport of GtkFileFilter. * GtkPopover: Fix button positions in right-to-left locales. * GtkLabel: Fix small issues with link handling. * Tooltips: Don't restrict the minimum tooltip length. * Theme: + Don't use opacity for overlay scrollbars. + Fix selection text color in vertical spin buttons. * GSK: + Accept textures that are generated by webkit. + Align offscreen rendering to the pixel grid. * Accessibility: Fix a crash in startup when orca is running. * Input: + Fix display changes in GtkIMMultiContext. + Fix activating on-screen keyboards. + Always propagate hold events in GtkEventControllerScroll. * Windows: + Fix a critical warning in clipboard handling. + Report serial numbers for events. - Changes in 4.6.2: * GtkScrolledWindow: + Set scroll-to-focus on viewports + Avoid doubly triggering deceleration * GtkEntry: Stop cursor blinking on focus-out * Emoji: + Update Emoji data to CLDR 40 and Unicode 14 + Add more locales for Emoji data * GDK: + Optimize texture conversions on x86 and ARM + Use EGK_KHR_swap_buffers_with_damage if available * GSK: + Avoid clearing opaque regions + Support using a non-default framebuffer + Handle large viewports by tiling * Wayland: + Prefer xdg-activation over gtk-shell + text protocol: Fix text caret location + text protocol: Use serials to control outbound messages * Inspector: Show app ID and resource path * Demos: widget-factory: Handle F11 to toggle fullscreen * Tools: gtk-builder-tool: Allow use without display - Changes in 4.6.1: * GtkFontChooser: + Stop using PangoFc api + Fix a crash + Use new HarfBuzz api * GtkMenuButton: Update accessible description * GtkTextView: Fix intra-widget dnd * Printing: Fix an fd leak * Input: + Make sure input methods get focus-in events + Always flush events to avoid scroll event pileup + Support hold events + Update keysyms from libxkbcommon * Theme: Improve text selection legibility * Introspection: Add missing nullable annotations everywhere * Build: + Make stack noexec again + Avoid symbol leaks + Drop unneeded script data * Wayland: + Fix support for the new high-contrast setting + Avoid redundant scale changes + Fix DND hotspot handling + Don't always restore the saved size when floating gettext-its-gtk4-4.6.9-150400.3.6.2.x86_64.rpm gtk4-4.6.9-150400.3.6.2.src.rpm gtk4-branding-SLE-15.0-150400.3.2.2.noarch.rpm gtk4-branding-SLE-15.0-150400.3.2.2.src.rpm gtk4-schema-4.6.9-150400.3.6.2.noarch.rpm libgtk-4-1-4.6.9-150400.3.6.2.x86_64.rpm typelib-1_0-Gtk-4_0-4.6.9-150400.3.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3464 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xscreensaver fixes the following issues: - Added fix for configuration reading (bsc#1204744) - Drop obsolete patch (bsc#1203594) xscreensaver-6.03-150400.3.6.1.src.rpm xscreensaver-6.03-150400.3.6.1.x86_64.rpm xscreensaver-data-6.03-150400.3.6.1.x86_64.rpm xscreensaver-lang-6.03-150400.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3419 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 (bsc#1213905): - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. - CVE-2023-38595: Fixed arbitrary code execution. - CVE-2023-38597: Fixed arbitrary code execution. - CVE-2023-38599: Fixed sensitive user information tracking. - CVE-2023-38600: Fixed arbitrary code execution. - CVE-2023-38611: Fixed arbitrary code execution. Update to version 2.40.3 (bsc#1212863): - CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863) - CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) - CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863) libjavascriptcoregtk-4_0-18-2.40.5-150400.4.45.3.x86_64.rpm libwebkit2gtk-4_0-37-2.40.5-150400.4.45.3.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.45.3.x86_64.rpm typelib-1_0-WebKit2-4_0-2.40.5-150400.4.45.3.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.45.3.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.45.3.x86_64.rpm webkit2gtk3-soup2-2.40.5-150400.4.45.3.src.rpm webkit2gtk3-soup2-devel-2.40.5-150400.4.45.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3290 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qatengine fixes the following issues: - CVE-2022-43507: Fixed a buffer overflow issue with SHA3. (bsc#1211296) qatengine-0.6.10-150400.3.3.1.src.rpm qatengine-0.6.10-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3440 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) gawk-4.2.1-150000.3.3.1.src.rpm gawk-4.2.1-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3383 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230808 release. (bsc#1214099) - CVE-2022-40982: Fixed a potential security vulnerability in some Intel® Processors which may allow information disclosure. - CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable processors which may allow information disclosure. - CVE-2022-41804: Fixed a potential security vulnerability in some Intel® Xeon® Processors with Intel® Software Guard Extensions (SGX) which may allow escalation of privilege. ucode-intel-20230808-150200.27.1.src.rpm True ucode-intel-20230808-150200.27.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3360 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287) kernel-firmware-20220509-150400.4.22.1.src.rpm True kernel-firmware-all-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.22.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.22.1.noarch.rpm True ucode-amd-20220509-150400.4.22.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3363 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) krb5-1.19.2-150400.3.6.1.src.rpm krb5-1.19.2-150400.3.6.1.x86_64.rpm krb5-32bit-1.19.2-150400.3.6.1.x86_64.rpm krb5-client-1.19.2-150400.3.6.1.x86_64.rpm krb5-devel-1.19.2-150400.3.6.1.x86_64.rpm krb5-plugin-preauth-otp-1.19.2-150400.3.6.1.x86_64.rpm krb5-plugin-preauth-pkinit-1.19.2-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3347 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql15 fixes the following issues: - Update to 15.4 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) - CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061) libpq5-15.4-150200.5.12.1.x86_64.rpm postgresql15-15.4-150200.5.12.1.src.rpm postgresql15-15.4-150200.5.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3348 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql15 fixes the following issues: - Update to 14.9 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059) postgresql14-14.9-150200.5.29.1.src.rpm postgresql14-14.9-150200.5.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3457 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for exfatprogs fixes the following issues: - Fix fsck on block devices with 4K sector sizes (bsc#1214079) exfatprogs-1.0.4-150300.3.9.1.src.rpm exfatprogs-1.0.4-150300.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3543 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) libprotobuf-c-devel-1.3.2-150200.3.9.1.x86_64.rpm libprotobuf-c1-1.3.2-150200.3.9.1.x86_64.rpm protobuf-c-1.3.2-150200.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3395 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) xen-4.16.5_02-150400.4.31.1.src.rpm xen-libs-4.16.5_02-150400.4.31.1.x86_64.rpm xen-tools-domU-4.16.5_02-150400.4.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4073 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) python-rpm-4.14.3-150400.59.3.1.src.rpm python3-rpm-4.14.3-150400.59.3.1.x86_64.rpm rpm-32bit-4.14.3-150400.59.3.1.x86_64.rpm rpm-4.14.3-150400.59.3.1.src.rpm rpm-4.14.3-150400.59.3.1.x86_64.rpm rpm-devel-4.14.3-150400.59.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3403 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for osinfo-db fixes the following issue: - Update to database version 20230719 osinfo-db-20230719-150400.3.12.1.noarch.rpm osinfo-db-20230719-150400.3.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3454 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ca-certificates-mozilla-2.62-150200.30.1.noarch.rpm ca-certificates-mozilla-2.62-150200.30.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3466 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for icu fixes the following issues: - Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419) icu-65.1-150200.4.8.1.src.rpm libicu-devel-65.1-150200.4.8.1.x86_64.rpm libicu-suse65_1-65.1-150200.4.8.1.x86_64.rpm libicu65_1-ledata-65.1-150200.4.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3472 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). libprocps7-3.3.15-150000.7.34.1.x86_64.rpm procps-3.3.15-150000.7.34.1.src.rpm procps-3.3.15-150000.7.34.1.x86_64.rpm procps-devel-3.3.15-150000.7.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3480 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openjpeg2 fixes the following issues: - Fix openjpeg2-devel to require openjpeg as some cmake targets may fail without the base package installed (bsc#1201799) libopenjp2-7-2.3.0-150000.3.13.1.x86_64.rpm openjpeg2-2.3.0-150000.3.13.1.src.rpm openjpeg2-2.3.0-150000.3.13.1.x86_64.rpm openjpeg2-devel-2.3.0-150000.3.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3459 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - scap-security-guide was updated to 0.1.69 (jsc#ECO-3319) - Introduce a JSON build manifest - Introduce a script to compare ComplianceAsCode versions - Introduce CCN profiles for RHEL9 - Map rules to components - products/anolis23: supports Anolis OS 23 - Render components to HTML - Store rendered control files - Test and use rules to components mapping - Use distributed product properties scap-security-guide-0.1.69-150000.1.65.1.noarch.rpm scap-security-guide-0.1.69-150000.1.65.1.src.rpm scap-security-guide-debian-0.1.69-150000.1.65.1.noarch.rpm scap-security-guide-redhat-0.1.69-150000.1.65.1.noarch.rpm scap-security-guide-ubuntu-0.1.69-150000.1.65.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3850 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for evolution and its dependencies fixes the following issues: evolution: - Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858) bogofilter, evolution-data-server, gcr, geocode-glib, gjs, glade, gnome-autoar, gnome-desktop, gnome-online-accounts, gsl, gspell, gtkspell3, libcanberra, libgdata, libgweather, libical, liboauth, libphonenumber, librest, libxkbcommon, mozjs78: - Deliver missing direct and indirect dependencies of evolution to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le and s390x - There are NO code changes libcanberra-0.30-150400.15.2.2.src.rpm libcanberra0-0.30-150400.15.2.2.x86_64.rpm libical-3.0.10-150400.3.2.4.src.rpm libical3-3.0.10-150400.3.2.4.x86_64.rpm libxkbcommon-1.3.0-150400.3.2.2.src.rpm libxkbcommon-devel-1.3.0-150400.3.2.2.x86_64.rpm libxkbcommon-x11-0-1.3.0-150400.3.2.2.x86_64.rpm libxkbcommon-x11-devel-1.3.0-150400.3.2.2.x86_64.rpm libxkbcommon0-1.3.0-150400.3.2.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3416 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for btrfsprogs fixes the following issues: - No UUID symlink in /dev/disk/by-uuid after creating a BTRFS filesystem on a partition of a mpath device (bsc#1207225) btrfsprogs-5.14-150400.5.3.1.src.rpm btrfsprogs-5.14-150400.5.3.1.x86_64.rpm btrfsprogs-udev-rules-5.14-150400.5.3.1.noarch.rpm libbtrfs-devel-5.14-150400.5.3.1.x86_64.rpm libbtrfs0-5.14-150400.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3955 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources vim-9.0.1894-150000.5.54.1.src.rpm vim-9.0.1894-150000.5.54.1.x86_64.rpm vim-data-9.0.1894-150000.5.54.1.noarch.rpm vim-data-common-9.0.1894-150000.5.54.1.noarch.rpm vim-small-9.0.1894-150000.5.54.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3410 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) audit-3.0.6-150400.4.13.1.src.rpm audit-3.0.6-150400.4.13.1.x86_64.rpm audit-audispd-plugins-3.0.6-150400.4.13.1.x86_64.rpm audit-devel-3.0.6-150400.4.13.1.x86_64.rpm audit-secondary-3.0.6-150400.4.13.1.src.rpm libaudit1-3.0.6-150400.4.13.1.x86_64.rpm libauparse0-3.0.6-150400.4.13.1.x86_64.rpm python3-audit-3.0.6-150400.4.13.1.x86_64.rpm system-group-audit-3.0.6-150400.4.13.1.x86_64.rpm libaudit1-32bit-3.0.6-150400.4.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3538 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Protect against broken links pointing to themselves - Exit if resolving executable dependencies fails (bsc#1214081) dracut-055+suse.347.gdcb9bdbf-150400.3.28.1.src.rpm dracut-055+suse.347.gdcb9bdbf-150400.3.28.1.x86_64.rpm dracut-fips-055+suse.347.gdcb9bdbf-150400.3.28.1.x86_64.rpm dracut-ima-055+suse.347.gdcb9bdbf-150400.3.28.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.347.gdcb9bdbf-150400.3.28.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3661 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). gcc12-12.3.0+git1204-150000.1.16.1.src.rpm libasan8-12.3.0+git1204-150000.1.16.1.x86_64.rpm libasan8-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libatomic1-12.3.0+git1204-150000.1.16.1.x86_64.rpm libatomic1-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgcc_s1-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgcc_s1-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgfortran5-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgfortran5-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgomp1-12.3.0+git1204-150000.1.16.1.x86_64.rpm libgomp1-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libitm1-12.3.0+git1204-150000.1.16.1.x86_64.rpm libitm1-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm liblsan0-12.3.0+git1204-150000.1.16.1.x86_64.rpm libobjc4-12.3.0+git1204-150000.1.16.1.x86_64.rpm libobjc4-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libquadmath0-12.3.0+git1204-150000.1.16.1.x86_64.rpm libquadmath0-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libstdc++6-12.3.0+git1204-150000.1.16.1.x86_64.rpm libstdc++6-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libstdc++6-locale-12.3.0+git1204-150000.1.16.1.x86_64.rpm libstdc++6-pp-12.3.0+git1204-150000.1.16.1.x86_64.rpm libstdc++6-pp-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm libtsan2-12.3.0+git1204-150000.1.16.1.x86_64.rpm libubsan1-12.3.0+git1204-150000.1.16.1.x86_64.rpm libubsan1-32bit-12.3.0+git1204-150000.1.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3686 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] cpp7-7.5.0+r278197-150000.4.35.1.x86_64.rpm gcc7-7.5.0+r278197-150000.4.35.1.src.rpm gcc7-7.5.0+r278197-150000.4.35.1.x86_64.rpm gcc7-c++-7.5.0+r278197-150000.4.35.1.x86_64.rpm gcc7-fortran-7.5.0+r278197-150000.4.35.1.x86_64.rpm libasan4-7.5.0+r278197-150000.4.35.1.x86_64.rpm libcilkrts5-7.5.0+r278197-150000.4.35.1.x86_64.rpm libgfortran4-32bit-7.5.0+r278197-150000.4.35.1.x86_64.rpm libgfortran4-7.5.0+r278197-150000.4.35.1.x86_64.rpm libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.35.1.x86_64.rpm libubsan0-7.5.0+r278197-150000.4.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3456 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for clamav fixes the following issues: - Update to 0.103.9 - CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342) clamav-0.103.9-150000.3.47.1.src.rpm clamav-0.103.9-150000.3.47.1.x86_64.rpm clamav-devel-0.103.9-150000.3.47.1.x86_64.rpm libclamav9-0.103.9-150000.3.47.1.x86_64.rpm libfreshclam2-0.103.9-150000.3.47.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3486 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) device-mapper-2.03.05_1.02.163-150400.188.1.x86_64.rpm device-mapper-devel-2.03.05_1.02.163-150400.188.1.x86_64.rpm libdevmapper-event1_03-2.03.05_1.02.163-150400.188.1.x86_64.rpm libdevmapper1_03-2.03.05_1.02.163-150400.188.1.x86_64.rpm liblvm2cmd2_03-2.03.05-150400.188.1.x86_64.rpm lvm2-2.03.05-150400.188.1.src.rpm lvm2-2.03.05-150400.188.1.x86_64.rpm lvm2-devel-2.03.05-150400.188.1.x86_64.rpm lvm2-device-mapper-2.03.05-150400.188.1.src.rpm libdevmapper1_03-32bit-2.03.05_1.02.163-150400.188.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3542 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issues: - Make sure initramfs is rebuilt in %posttrans (bsc#1214427) mdadm-4.1-150300.24.30.1.src.rpm mdadm-4.1-150300.24.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3461 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). freetype2-2.10.4-150000.4.15.1.src.rpm freetype2-devel-2.10.4-150000.4.15.1.x86_64.rpm libfreetype6-2.10.4-150000.4.15.1.x86_64.rpm libfreetype6-32bit-2.10.4-150000.4.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3641 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) java-11-openjdk-11.0.20.1-150000.3.102.1.src.rpm java-11-openjdk-11.0.20.1-150000.3.102.1.x86_64.rpm java-11-openjdk-demo-11.0.20.1-150000.3.102.1.x86_64.rpm java-11-openjdk-devel-11.0.20.1-150000.3.102.1.x86_64.rpm java-11-openjdk-headless-11.0.20.1-150000.3.102.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3649 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Fix a regression where the validation would reject valid zip64 (zip with 64-bit offset extensions) java-17-openjdk-17.0.8.1-150400.3.30.1.src.rpm java-17-openjdk-17.0.8.1-150400.3.30.1.x86_64.rpm java-17-openjdk-demo-17.0.8.1-150400.3.30.1.x86_64.rpm java-17-openjdk-devel-17.0.8.1-150400.3.30.1.x86_64.rpm java-17-openjdk-headless-17.0.8.1-150400.3.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3525 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for keylime fixes the following issues: - CVE-2023-38201: Fixed a bug to avoid leaks of the authorization tag. (bsc#1213314) keylime-6.3.2-150400.4.20.1.src.rpm keylime-agent-6.3.2-150400.4.20.1.noarch.rpm keylime-config-6.3.2-150400.4.20.1.noarch.rpm keylime-firewalld-6.3.2-150400.4.20.1.noarch.rpm keylime-logrotate-6.3.2-150400.4.20.1.noarch.rpm keylime-registrar-6.3.2-150400.4.20.1.noarch.rpm keylime-tpm_cert_store-6.3.2-150400.4.20.1.noarch.rpm keylime-verifier-6.3.2-150400.4.20.1.noarch.rpm python3-keylime-6.3.2-150400.4.20.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3555 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libssh2_org fixes the following issues: - CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527) libssh2-1-1.9.0-150000.4.16.1.x86_64.rpm libssh2-devel-1.9.0-150000.4.16.1.x86_64.rpm libssh2_org-1.9.0-150000.4.16.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3778 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: - Wireshark update to v3.6.16. - CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. (bsc#1214561) - CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. (bsc#1214560) - CVE-2023-4513: Fixed a bug in BT SDP dissector which could lead to a memory leak. (bsc#1214562) - CVE-2023-2906: Fixed a bug in CP2179 dissector which could lead to crash. (bsc#1214652) libwireshark15-3.6.16-150000.3.100.1.x86_64.rpm libwiretap12-3.6.16-150000.3.100.1.x86_64.rpm libwsutil13-3.6.16-150000.3.100.1.x86_64.rpm wireshark-3.6.16-150000.3.100.1.src.rpm wireshark-3.6.16-150000.3.100.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3523 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: - Update to version 535.104.05 Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.104.05 - Obsoletes conflicting kernel-firmware-nvidia-gsp-G06 = 535.86.05 (bsc#1212724) kernel-firmware-nvidia-gspx-G06-535.104.05-150400.9.6.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.104.05-150400.9.6.1.x86_64.rpm nvidia-open-driver-G06-signed-535.104.05-150400.9.17.1.src.rpm nvidia-open-driver-G06-signed-kmp-default-535.104.05_k5.14.21_150400.24.81-150400.9.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3507 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) libvmtools-devel-12.2.0-150300.33.1.x86_64.rpm libvmtools0-12.2.0-150300.33.1.x86_64.rpm open-vm-tools-12.2.0-150300.33.1.src.rpm open-vm-tools-12.2.0-150300.33.1.x86_64.rpm open-vm-tools-containerinfo-12.2.0-150300.33.1.x86_64.rpm open-vm-tools-salt-minion-12.2.0-150300.33.1.x86_64.rpm open-vm-tools-sdmp-12.2.0-150300.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3635 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for flac fixes the following issues: - CVE-2020-22219: Fixed a buffer overflow in function bitwriter_grow_ which might allow a remote attacker to run arbitrary code via crafted input to the encoder. (bsc#1214615) flac-1.3.2-150000.3.14.1.src.rpm flac-devel-1.3.2-150000.3.14.1.x86_64.rpm libFLAC++6-1.3.2-150000.3.14.1.x86_64.rpm libFLAC8-1.3.2-150000.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3521 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. python-iniconfig-1.1.1-150000.1.11.1.src.rpm python3-iniconfig-1.1.1-150000.1.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3852 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libostree fixes the following issues: - Cherry-pick an upstream patch to fix corrupted files when using a large fs with 64-bit inodes (bsc#1214708) libostree-1-1-2021.6-150400.3.6.1.x86_64.rpm libostree-2021.6-150400.3.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3556 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - Provide/obsolete WebKit2GTK-%{_apiver}-lang (bsc#1214093) - Have the lang package provide libwebkit2gtk3-lang (bsc#1214093) - Adjustments of update version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581): + Added missing CVE references: CVE-2023-32393, CVE-2023-37450 libjavascriptcoregtk-4_0-18-2.40.5-150400.4.48.1.x86_64.rpm libwebkit2gtk-4_0-37-2.40.5-150400.4.48.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.48.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.40.5-150400.4.48.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.48.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.48.1.x86_64.rpm webkit2gtk3-soup2-2.40.5-150400.4.48.1.src.rpm webkit2gtk3-soup2-devel-2.40.5-150400.4.48.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3561 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of skopeo fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). skopeo-1.12.0-150300.11.5.1.src.rpm skopeo-1.12.0-150300.11.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3557 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of rekor fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). rekor-1.2.1-150400.4.16.1.src.rpm rekor-1.2.1-150400.4.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3560 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). geoipupdate-4.2.2-150000.1.14.1.src.rpm geoipupdate-4.2.2-150000.1.14.1.x86_64.rpm geoipupdate-legacy-4.2.2-150000.1.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3888 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. golang-github-prometheus-node_exporter: - CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880) There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version. golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2.src.rpm golang-github-prometheus-node_exporter-1.5.0-150100.3.26.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3863 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441) - CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. (bsc#1214797, bsc#1193948) Bugs fixed: - Create minion_id with reproducible mtime - Fix broken tests to make them running in the testsuite - Fix detection of Salt codename by "salt_version" execution module - Fix inconsistency in reported version by egg-info metadata (bsc#1215489) - Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844) - Fix the regression of user.present state when group is unset (bsc#1212855) - Fix utf8 handling in 'pass' renderer and make it more robust - Fix zypper repositories always being reconfigured - Make sure configured user is properly set by Salt (bsc#1210994) - Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794) - Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses (bsc#1213960, bsc#1213630, bsc#1213257) python3-salt-3006.0-150400.8.44.1.x86_64.rpm True salt-3006.0-150400.8.44.1.src.rpm True salt-3006.0-150400.8.44.1.x86_64.rpm True salt-bash-completion-3006.0-150400.8.44.1.noarch.rpm True salt-doc-3006.0-150400.8.44.1.x86_64.rpm True salt-minion-3006.0-150400.8.44.1.x86_64.rpm True salt-zsh-completion-3006.0-150400.8.44.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3563 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as “Hinglish”. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 Update to release 68.1: * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) Update to version 67.1: * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073) * Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). Update to version 66.1: * Unicode 13 support * Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. Update to release 65.1 (jsc#SLE-11118): * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. icu73_2-73.2-150000.1.3.1.src.rpm libicu73_2-73.2-150000.1.3.1.x86_64.rpm libicu73_2-devel-73.2-150000.1.3.1.x86_64.rpm libicu73_2-doc-73.2-150000.1.3.1.x86_64.rpm libicu73_2-ledata-73.2-150000.1.3.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3529 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538) busybox-1.35.0-150400.3.11.1.src.rpm busybox-1.35.0-150400.3.11.1.x86_64.rpm busybox-static-1.35.0-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3780 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. hidapi-0.10.1-150300.3.2.1.src.rpm libhidapi-devel-0.10.1-150300.3.2.1.x86_64.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.x86_64.rpm libhidapi-libusb0-0.10.1-150300.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3953 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mdadm fixes the following issues: - CVE-2023-28736: Fixed a buffer overflow (bsc#1214244). - CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245). mdadm-4.1-150300.24.33.1.src.rpm mdadm-4.1-150300.24.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3822 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) supportutils-3.1.26-150300.7.35.21.1.noarch.rpm supportutils-3.1.26-150300.7.35.21.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3973 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). zypper-1.14.64-150400.3.32.1.src.rpm True zypper-1.14.64-150400.3.32.1.x86_64.rpm True zypper-log-1.14.64-150400.3.32.1.noarch.rpm True zypper-needs-restarting-1.14.64-150400.3.32.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3683 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to severe USB problems. The following security bugs were fixed: - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). The following non-security bugs were fixed: - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the "no limit" frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower "no backend dais enabled for ... port" log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed hid patch into sorted section - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). - rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert "ib/isert: fix incorrect release of isert connection" (git-fixes) - revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-default-5.14.21-150400.24.84.1.nosrc.rpm True kernel-default-5.14.21-150400.24.84.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1.src.rpm True kernel-default-base-5.14.21-150400.24.84.1.150400.24.37.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.84.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.84.1.noarch.rpm True kernel-macros-5.14.21-150400.24.84.1.noarch.rpm True kernel-source-5.14.21-150400.24.84.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-3823 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) curl-8.0.1-150400.5.29.1.src.rpm curl-8.0.1-150400.5.29.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.29.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.29.1.x86_64.rpm libcurl4-8.0.1-150400.5.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3699 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). libxml2-2-2.9.14-150400.5.22.1.x86_64.rpm libxml2-2.9.14-150400.5.22.1.src.rpm libxml2-devel-2.9.14-150400.5.22.1.x86_64.rpm libxml2-python-2.9.14-150400.5.22.1.src.rpm libxml2-tools-2.9.14-150400.5.22.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.22.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.22.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3707 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). cups-2.2.7-150000.3.51.2.src.rpm cups-2.2.7-150000.3.51.2.x86_64.rpm cups-client-2.2.7-150000.3.51.2.x86_64.rpm cups-config-2.2.7-150000.3.51.2.x86_64.rpm cups-devel-2.2.7-150000.3.51.2.x86_64.rpm libcups2-2.2.7-150000.3.51.2.x86_64.rpm libcups2-32bit-2.2.7-150000.3.51.2.x86_64.rpm libcupscgi1-2.2.7-150000.3.51.2.x86_64.rpm libcupsimage2-2.2.7-150000.3.51.2.x86_64.rpm libcupsmime1-2.2.7-150000.3.51.2.x86_64.rpm libcupsppdc1-2.2.7-150000.3.51.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3856 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apparmor fixes the following issues: - Update zgrep profile to allow egrep helper use (bsc#1214458) apparmor-3.0.4-150400.5.9.1.src.rpm apparmor-abstractions-3.0.4-150400.5.9.1.noarch.rpm apparmor-docs-3.0.4-150400.5.9.1.noarch.rpm apparmor-parser-3.0.4-150400.5.9.1.x86_64.rpm apparmor-parser-lang-3.0.4-150400.5.9.1.noarch.rpm apparmor-profiles-3.0.4-150400.5.9.1.noarch.rpm apparmor-utils-3.0.4-150400.5.9.1.noarch.rpm apparmor-utils-lang-3.0.4-150400.5.9.1.noarch.rpm libapparmor-3.0.4-150400.5.9.1.src.rpm libapparmor-devel-3.0.4-150400.5.9.1.x86_64.rpm libapparmor1-3.0.4-150400.5.9.1.x86_64.rpm libapparmor1-32bit-3.0.4-150400.5.9.1.x86_64.rpm pam_apparmor-3.0.4-150400.5.9.1.x86_64.rpm pam_apparmor-32bit-3.0.4-150400.5.9.1.x86_64.rpm python3-apparmor-3.0.4-150400.5.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4195 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mariadb-connector-c fixes the following issues: - Update to release 3.1.21: * https://mariadb.com/kb/en/mariadb-connector-c-3-1-21-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-1-20-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-1-19-release-notes/ * https://mariadb.com/kb/en/mariadb-connectorc-3-1-18-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3117-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3116-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3115-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3114-release-notes/ libmariadb3-3.1.21-150000.3.33.3.x86_64.rpm libmariadbprivate-3.1.21-150000.3.33.3.x86_64.rpm mariadb-connector-c-3.1.21-150000.3.33.3.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3954 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078) libeconf-0.5.2-150400.3.6.1.src.rpm libeconf0-0.5.2-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3855 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nvme-cli fixes the following issues: - Update to version 2.0+48.gbd004e - Fix segfault converting NULL to JSON string (bsc#1213762) nvme-cli-2.0+48.gbd004e-150400.3.24.1.src.rpm nvme-cli-2.0+48.gbd004e-150400.3.24.1.x86_64.rpm nvme-cli-bash-completion-2.0+48.gbd004e-150400.3.24.1.x86_64.rpm nvme-cli-zsh-completion-2.0+48.gbd004e-150400.3.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3843 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc suse-build-key-12.0-150000.8.34.1.noarch.rpm suse-build-key-12.0-150000.8.34.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4024 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). login_defs-4.8.1-150400.10.12.1.noarch.rpm shadow-4.8.1-150400.10.12.1.src.rpm shadow-4.8.1-150400.10.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3663 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode perl-Bootloader-0.945-150400.3.9.1.src.rpm perl-Bootloader-0.945-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3825 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format version supported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with <FILE>. In addition the option --remap-inputs-file=<FILE> can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ "string" This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 * bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - This only existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence: - Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). - Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove support for -z bndplt (MPX prefix instructions). - Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms binutils-2.41-150100.7.46.1.src.rpm binutils-2.41-150100.7.46.1.x86_64.rpm binutils-devel-2.41-150100.7.46.1.x86_64.rpm libctf-nobfd0-2.41-150100.7.46.1.x86_64.rpm libctf0-2.41-150100.7.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3826 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mutt fixes the following issues: - CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189). - CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191). mutt-1.10.1-150000.3.26.1.src.rpm mutt-1.10.1-150000.3.26.1.x86_64.rpm mutt-doc-1.10.1-150000.3.26.1.noarch.rpm mutt-lang-1.10.1-150000.3.26.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3944 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libqb fixes the following issues: - CVE-2023-39976: Fixed potential bufferoverflow with long log messages (bsc#1214066). libqb-2.0.4+20211112.a2691b9-150400.4.3.1.src.rpm libqb-devel-2.0.4+20211112.a2691b9-150400.4.3.1.x86_64.rpm libqb100-2.0.4+20211112.a2691b9-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3828 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). libpython3_6m1_0-3.6.15-150300.10.51.1.x86_64.rpm python3-3.6.15-150300.10.51.1.src.rpm python3-3.6.15-150300.10.51.1.x86_64.rpm python3-base-3.6.15-150300.10.51.1.x86_64.rpm python3-core-3.6.15-150300.10.51.1.src.rpm python3-curses-3.6.15-150300.10.51.1.x86_64.rpm python3-dbm-3.6.15-150300.10.51.1.x86_64.rpm python3-devel-3.6.15-150300.10.51.1.x86_64.rpm python3-idle-3.6.15-150300.10.51.1.x86_64.rpm python3-tk-3.6.15-150300.10.51.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4052 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) babeltrace-1.5.8-150300.3.2.1.src.rpm babeltrace-1.5.8-150300.3.2.1.x86_64.rpm babeltrace-devel-1.5.8-150300.3.2.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3753 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - Expand lang sub-package in spec file unconditionally to handle previous name change from WebKit2GTK-lang to WebKitGTK-lang. This change affected the automatic generated Requires tag on WebKit2GTK-%{_apiver}, then getting out of sync of what's being required and what's being provided. Now, any sub-package that was providing WebKit2GTK-%{_apiver} will provide WebKitGTK-%{_apiver} instead (bsc#1214835, bsc#1214640, bsc#1214093). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072). - Update to version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581 bsc#1215230): CVE-2023-38594, CVE-2023-38595, CVE-2023-38597, CVE-2023-38599, CVE-2023-38600, CVE-2023-38611, CVE-2023-40397, CVE-2023-37450, CVE-2023-28198, CVE-2023-32370 libjavascriptcoregtk-4_0-18-2.40.5-150400.4.51.1.x86_64.rpm libwebkit2gtk-4_0-37-2.40.5-150400.4.51.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.40.5-150400.4.51.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.40.5-150400.4.51.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.40.5-150400.4.51.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.40.5-150400.4.51.1.x86_64.rpm webkit2gtk3-soup2-2.40.5-150400.4.51.1.src.rpm webkit2gtk3-soup2-devel-2.40.5-150400.4.51.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3634 critical SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). libwebp-1.0.3-150200.3.10.1.src.rpm libwebp-devel-1.0.3-150200.3.10.1.x86_64.rpm libwebp7-1.0.3-150200.3.10.1.x86_64.rpm libwebpdecoder3-1.0.3-150200.3.10.1.x86_64.rpm libwebpdemux2-1.0.3-150200.3.10.1.x86_64.rpm libwebpmux3-1.0.3-150200.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3736 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libcontainers-common fixes the following issues: - Require libcontainers-sles-mounts for *all* SUSE Linux Enterprise products, and not just SUSE Linux Enterprise Server. (bsc#1215291) libcontainers-common-20230214-150400.3.11.1.noarch.rpm libcontainers-common-20230214-150400.3.11.1.src.rpm libcontainers-sles-mounts-20230214-150400.3.11.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4162 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.3.3.src.rpm libasan8-13.2.1+git7813-150000.1.3.3.x86_64.rpm libasan8-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libatomic1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libatomic1-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgcc_s1-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgfortran5-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgfortran5-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgomp1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgomp1-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libhwasan0-13.2.1+git7813-150000.1.3.3.x86_64.rpm libitm1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libitm1-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm liblsan0-13.2.1+git7813-150000.1.3.3.x86_64.rpm libobjc4-13.2.1+git7813-150000.1.3.3.x86_64.rpm libobjc4-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libquadmath0-13.2.1+git7813-150000.1.3.3.x86_64.rpm libquadmath0-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-locale-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-pp-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-pp-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm libtsan2-13.2.1+git7813-150000.1.3.3.x86_64.rpm libubsan1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libubsan1-32bit-13.2.1+git7813-150000.1.3.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4194 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. python3-cryptography-3.3.2-150400.20.3.src.rpm python3-cryptography-3.3.2-150400.20.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4010 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mlocate fixes the following issues: - Set umask 0022 before running /usr/bin/updatedb to avoid permission denied error (bsc#1209409) - Remove ProtectKernelModules from systemd unit to make it visible for locate (bsc#1207884) mlocate-0.26-150400.16.6.1.src.rpm mlocate-0.26-150400.16.6.1.x86_64.rpm mlocate-lang-0.26-150400.16.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4148 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nethogs fixes the following issues: - clarify the units in use (bytes and multiples), both in output and in documentation (bsc#1214585) nethogs-0.8.5-150000.3.3.1.src.rpm nethogs-0.8.5-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4153 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) libsystemd0-249.16-150400.8.35.5.x86_64.rpm libsystemd0-32bit-249.16-150400.8.35.5.x86_64.rpm libudev1-249.16-150400.8.35.5.x86_64.rpm libudev1-32bit-249.16-150400.8.35.5.x86_64.rpm systemd-249.16-150400.8.35.5.src.rpm systemd-249.16-150400.8.35.5.x86_64.rpm systemd-container-249.16-150400.8.35.5.x86_64.rpm systemd-coredump-249.16-150400.8.35.5.x86_64.rpm systemd-devel-249.16-150400.8.35.5.x86_64.rpm systemd-doc-249.16-150400.8.35.5.x86_64.rpm systemd-lang-249.16-150400.8.35.5.noarch.rpm systemd-sysvinit-249.16-150400.8.35.5.x86_64.rpm udev-249.16-150400.8.35.5.x86_64.rpm systemd-32bit-249.16-150400.8.35.5.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3984 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ghostscript fixes the following issues: - CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466). ghostscript-9.52-150000.173.2.src.rpm ghostscript-9.52-150000.173.2.x86_64.rpm ghostscript-devel-9.52-150000.173.2.x86_64.rpm ghostscript-x11-9.52-150000.173.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3737 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for bind fixes the following issues: Update to release 9.16.44: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). bind-9.16.44-150400.5.37.2.src.rpm bind-utils-9.16.44-150400.5.37.2.x86_64.rpm python3-bind-9.16.44-150400.5.37.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3998 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422). - CVE-2020-36024: Fixed NULL Pointer Deference in `FoFiType1C:convertToType1` (bsc#1214257). - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). - CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). - CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). libpoppler89-0.79.0-150200.3.21.2.x86_64.rpm poppler-0.79.0-150200.3.21.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3945 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372). postfix-3.5.9-150300.5.12.2.src.rpm postfix-3.5.9-150300.5.12.2.x86_64.rpm postfix-devel-3.5.9-150300.5.12.2.x86_64.rpm postfix-doc-3.5.9-150300.5.12.2.noarch.rpm postfix-ldap-3.5.9-150300.5.12.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4154 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.src.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.x86_64.rpm aaa_base-extras-84.87+git20180409.04c9dae-150300.10.6.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3830 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805). libpainter0-0.9.13.1-150200.4.24.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.24.1.x86_64.rpm xrdp-0.9.13.1-150200.4.24.1.src.rpm xrdp-0.9.13.1-150200.4.24.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3832 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). xen-4.16.5_04-150400.4.34.1.src.rpm True xen-libs-4.16.5_04-150400.4.34.1.x86_64.rpm True xen-tools-domU-4.16.5_04-150400.4.34.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4111 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lame fixes the following issues: - Add a pkg-config file for libmp3lame lame-3.100-150000.3.5.1.src.rpm libmp3lame0-3.100-150000.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4140 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) grub2-2.06-150400.11.38.1.src.rpm grub2-2.06-150400.11.38.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.38.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.38.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.38.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.38.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3986 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-module-tools fixes the following issues: - Update to version 15.4.17: * cert-script: warn only once about non-writable efivarfs * cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066) suse-module-tools-15.4.17-150400.3.11.1.src.rpm suse-module-tools-15.4.17-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3835 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: Update to 12.3.0 (build 22234872) (bsc#1214850) - There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - This release integrates CVE-2023-20900 without the need for a patch. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. - A tools.conf configuration setting is available to temporaily direct Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior of ignoring file systems already frozen. - Building of the VMware Guest Authentication Service (VGAuth) using "xml-security-c" and "xerces-c" is being deprecated. - A number of Coverity reported issues have been addressed. - A number of GitHub issues and pull requests have been handled. Please see the Resolves Issues section of the Release Notes. - For issues resolved in this release, see the Resolved Issues section of the Release Notes. - For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 - Release Notes are available at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md - The granular changes that have gone into the 12.3.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog - Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests - jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. libvmtools-devel-12.3.0-150300.37.1.x86_64.rpm libvmtools0-12.3.0-150300.37.1.x86_64.rpm open-vm-tools-12.3.0-150300.37.1.src.rpm open-vm-tools-12.3.0-150300.37.1.x86_64.rpm open-vm-tools-containerinfo-12.3.0-150300.37.1.x86_64.rpm open-vm-tools-salt-minion-12.3.0-150300.37.1.x86_64.rpm open-vm-tools-sdmp-12.3.0-150300.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3947 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622). - CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621). - CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618). libpoppler-cpp0-22.01.0-150400.3.11.2.x86_64.rpm libpoppler-devel-22.01.0-150400.3.11.2.x86_64.rpm libpoppler-glib-devel-22.01.0-150400.3.11.2.x86_64.rpm libpoppler-glib8-22.01.0-150400.3.11.2.x86_64.rpm libpoppler117-22.01.0-150400.3.11.2.x86_64.rpm poppler-22.01.0-150400.3.11.2.src.rpm poppler-tools-22.01.0-150400.3.11.2.x86_64.rpm typelib-1_0-Poppler-0_18-22.01.0-150400.3.11.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3969 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - Drop amdgpu patch causing spamming (bsc#1215523) - acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes). - acpi: processor: perflib: use the "no limit" frequency qos (git-fixes). - acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes). - alsa: ac97: fix possible error value of *rac97 (git-fixes). - alsa: hda/cs8409: support new dell dolphin variants (git-fixes). - alsa: hda/realtek - remodified 3k pull low procedure (git-fixes). - alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes). - alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes). - alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes). - alsa: hda/realtek: switch dell oasis models to use spi (git-fixes). - alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes). - alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes). - alsa: usb-audio: fix init call orders for uac1 (git-fixes). - alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes). - arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes). - arm: dts: imx6sll: fixup of operating points (git-fixes). - arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970). - asoc: lower "no backend dais enabled for ... port" log severity (git-fixes). - asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - asoc: rt5665: add missed regulator_bulk_disable (git-fixes). - asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes). - asoc: stac9766: fix build errors with regmap_ac97 (git-fixes). - asoc: tegra: fix sfc conversion for few rates (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: compare against struct fb_info.device (git-fixes). - batman-adv: do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: do not increase mtu when set by user (git-fixes). - batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: fix tt global entry leak when client roamed back (git-fixes). - batman-adv: trigger events for auto adjusted mtu (git-fixes). - bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes). - bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - bluetooth: fix potential use-after-free when clear keys (git-fixes). - bluetooth: l2cap: fix use-after-free (git-fixes). - bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes). - bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - bluetooth: remove unused declaration amp_read_loc_info() (git-fixes). - bnx2x: fix page fault following eeh recovery (bsc#1214299). - bpf: disable preemption in bpf_event_output (git-fixes). - bus: ti-sysc: fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: fix cast to enum warning (git-fixes). - bus: ti-sysc: flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on mds stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970). - config_nvme_verbose_errors=y gone with a82baa8083b - config_printk_safe_log_buf_shift=13 gone with 7e152d55123 - cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659). - cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004). - cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel. - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - properly handle pm_runtime_get failing (git-fixes). - dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: fix docs syntax (git-fixes). - dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: return dma_paused when transaction is paused (git-fixes). - dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes). - docs/process/howto: replace c89 with c11 (bsc#1214756). - docs: kernel-parameters: refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: fix hex printing of signed values (git-fixes). - documentation: devices.txt: fix minors for ttycpm* (git-fixes). - documentation: devices.txt: remove ttyioc* (git-fixes). - documentation: devices.txt: remove ttysioc* (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes). - drm/amd/display: check tg is non-null before checking if enabled (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes). - drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: fix dram init on ast2200 (git-fixes). - drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: fix -wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active mmu context (git-fixes). - drm/mediatek: fix dereference before null check (git-fixes). - drm/mediatek: fix potential memory leak if vmap() fail (git-fixes). - drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes). - drm/msm/mdp5: do not leak some plane state (git-fixes). - drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes). - drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes). - drm/qxl: fix uaf on handle creation (git-fixes). - drm/radeon: use rmw accessors for changing lnkctl (git-fixes). - drm/rockchip: do not spam logs in atomic check (git-fixes). - drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned bos for eviction&swap (git-fixes). - drm/vmwgfx: fix shader stage validation (git-fixes). - drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes). - drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: fix typos in comments (jsc#ped-5738). - e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738). - e1000: switch to napi_build_skb() (jsc#ped-5738). - e1000: switch to napi_consume_skb() (jsc#ped-5738). - enable analog devices industrial ethernet phy driver (jsc#ped-4759) - exfat: fix unexpected eof while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes). - fbdev: fix potential oob read in fast_imageblit() (git-fixes). - fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: improve performance of sys_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes). - firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes). - fs/sysv: null check to prevent null-ptr-deref bug (git-fixes). - ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: mvebu: make use of devm_pwmchip_add (git-fixes). - gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes). - hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes). - hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes). - hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes). - hid: wacom: remove the battery when the ekr is off (git-fixes). - hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes). - hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes). - hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes). - hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: correct length byte validation logic (git-fixes). - i2c: designware: handle invalid smbus block data response length value (git-fixes). - i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes). - i2c: improve size determinations (git-fixes). - i2c: nomadik: remove a useless call in the remove function (git-fixes). - i2c: nomadik: remove unnecessary goto label (git-fixes). - i2c: nomadik: use devm_clk_get_enabled() (git-fixes). - i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for fdir filters (git-fixes). - ib/hfi1: fix possible panic during hotplug remove (git-fixes) - ib/uverbs: fix an potential error pointer dereference (git-fixes) - ice: fix max_rate check while configuring tx rate limits (git-fixes). - ice: fix memory management in ice_ethtool_fdir.c (git-fixes). - ice: fix rdma vsi removal during queue rebuild (git-fixes). - iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes). - iio: adc: stx104: implement and utilize register structures (git-fixes). - iio: adc: stx104: utilize iomap interface (git-fixes). - iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes). - input: exc3000 - properly stop timer on shutdown (git-fixes). - intel/e1000:fix repeated words in comments (jsc#ped-5738). - intel: remove unused macros (jsc#ped-5738). - iommu/amd: add pci segment support for ivrs_ commands (git-fixes). - iommu/amd: fix compile warning in init code (git-fixes). - iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: initialize dart_streams_enable (git-fixes). - iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes). - iommu/iova: fix module config properly (git-fixes). - iommu/omap: fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/sun50i: consider all fault sources for reset (git-fixes). - iommu/sun50i: fix flush size (git-fixes). - iommu/sun50i: fix r/w permission check (git-fixes). - iommu/sun50i: fix reset release (git-fixes). - iommu/sun50i: implement .iotlb_sync_map (git-fixes). - iommu/sun50i: remove iommu_domain_identity (git-fixes). - iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes). - iommu/vt-d: check correct capability for sagaw determination (git-fixes). - iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes). - iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes). - iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes). - ipmi:ssif: add check for kstrdup (git-fixes). - ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: ignore newly added srso mitigation functions - kabi: allow extra bugsints (bsc#1213927). - kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756). - kbuild: move to -std=gnu11 (bsc#1214756). - kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - kvm: s390: fix sthyi error handling (git-fixes bsc#1214370). - leds: fix bug_on check for led_color_id_multi that is always false (git-fixes). - leds: multicolor: use rounded division when calculating color components (git-fixes). - leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order max_order (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: fix potential division by zero (git-fixes). - media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: remove redundant if statement (git-fixes). - media: i2c: ccs: check rules is non-null (git-fixes). - media: i2c: rdacm21: fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: add ov2680_fill_format() helper function (git-fixes). - media: ov2680: do not take the lock for try_fmt calls (git-fixes). - media: ov2680: fix ov2680_bayer_order() (git-fixes). - media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes). - media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: fix vflip / hflip set functions (git-fixes). - media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes). - media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for h.264 (git-fixes). - media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes). - media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes). - misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes). - mkspec: allow unsupported kmps (bsc#1214386) - mlxsw: pci: add shutdown method in pci driver (git-fixes). - mmc: block: fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - move upstreamed hid patch into sorted section - move upstreamed powerpc patches into sorted section - mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: check bus width while setting qe bit (git-fixes). - mtd: spinand: toshiba: fix ecc_get_status (git-fixes). - n_tty: rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: stop leaking skb's (git-fixes). - net: mana: fix mana vf unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes). - net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes). - net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: fix srso mess (git-fixes). - objtool/x86: fixup frame-pointer vs rethunk (git-fixes). - objtool: union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported. - pci/aspm: avoid link retraining race (git-fixes). - pci/aspm: factor out pcie_wait_for_retrain() (git-fixes). - pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes). - pci: acpiphp: reassign resources on bridge if necessary (git-fixes). - pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - pci: mark nvidia t4 gpus to avoid bus reset (git-fixes). - pci: meson: remove cast between incompatible function type (git-fixes). - pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes). - pci: microchip: remove cast between incompatible function type (git-fixes). - pci: pciehp: use rmw accessors for changing lnkctl (git-fixes). - pci: rockchip: remove writes to unused registers (git-fixes). - pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes). - pci: tegra194: fix possible array out of bounds access (git-fixes). - pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: fix reference leak (git-fixes). - pm / devfreq: fix leak in devfreq_dev_release() (git-fixes). - powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106). - powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106). - powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files. - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: check start of empty przs during init (git-fixes). - pwm: add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes). - pwm: meson: simplify duplicated per-channel tracking (git-fixes). - qed: fix scheduling in a tasklet while getting stats (git-fixes). - rdma/bnxt_re: fix error handling in probe failure path (git-fixes) - rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes) - rdma/efa: fix wrong resources deallocation order (git-fixes) - rdma/hns: fix cq and qp cache affinity (git-fixes) - rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes) - rdma/hns: fix port active speed (git-fixes) - rdma/irdma: prevent zero-length stag registration (git-fixes) - rdma/irdma: replace one-element array with flexible-array member (git-fixes) - rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes) - rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes) - rdma/siw: balance the reference of cep->kref in the error path (git-fixes) - rdma/siw: correct wrong debug message (git-fixes) - rdma/umem: set iova in odp flow (git-fixes) - readme.branch: add miroslav franc as a sle15-sp4 co-maintainer. - regmap: rbtree: use alloc_flags for memory allocations (git-fixes). - revert "ib/isert: fix incorrect release of isert connection" (git-fixes) - revert "tracing: add "(fault)" name injection to kernel probes" (git-fixes). - ring-buffer: do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes). - rpmsg: glink: add check for kstrdup (git-fixes). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799). - scsi: bsg: increase number of devices (bsc#1210048). - scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: rdma/srp: fix residual handling (git-fixes) - scsi: sg: increase number of devices (bsc#1210048). - scsi: storvsc: always set no_report_opcodes (git-fixes). - scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes). - scsi: storvsc: handle srb status value 0x30 (git-fixes). - scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes). - scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371). - selftests/futex: order calls to futex_lock_pi (git-fixes). - selftests/harness: actually report skip for signal tests (git-fixes). - selftests/resctrl: close perf value read fd on errors (git-fixes). - selftests/resctrl: do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: ethtool: skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes). - selftests: forwarding: skip test when no interfaces are specified (git-fixes). - selftests: forwarding: switch off timeout (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes). - selftests: forwarding: tc_flower: relax success criterion (git-fixes). - selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes). - serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: fix dma buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while nic is resetting (git-fixes). - smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629). - smb: client: fix -wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: add shutdown mechanism to the internal functions (bsc#1213970). - timers: provide timer_shutdown[_sync]() (bsc#1213970). - timers: rename del_timer() to timer_delete() (bsc#1213970). - timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: replace bug_on()s (bsc#1213970). - timers: silently ignore timers with a null function (bsc#1213970). - timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: update kernel-doc for various functions (bsc#1213970). - timers: use del_timer_sync() even on up (bsc#1213970). - tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: fix not to count error code to total length (git-fixes). - tracing/probes: fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: fix memleak due to race between current_tracer and trace (git-fixes). - tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes). - tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes). - ubifs: fix memleak when insert_old_idx() failed (git-fixes). - update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929). - usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes). - usb: chipidea: imx: do not request qos for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes). - usb: dwc3: fix typos in gadget.c (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: dwc3: properly handle processing of pending events (git-fixes). - usb: gadget: f_mass_storage: fix unused variable warning (git-fixes). - usb: gadget: fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for focusrite scarlett (git-fixes). - usb: serial: option: add quectel ec200a module support (git-fixes). - usb: serial: option: support quectel em060k_128 (git-fixes). - usb: serial: simple: add kaufmann rks+can vcp (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: fix response to vsafe0v event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: add id for a-300/b-500/c-700 (git-fixes). - watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes). - wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes). - wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes). - wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: mwifiex: fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/alternative: make custom return thunk unconditional (git-fixes). - x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes). - x86/cpu/kvm: provide untrain_ret_vm (git-fixes). - x86/cpu: clean up srso return thunk mess (git-fixes). - x86/cpu: cleanup the untrain mess (git-fixes). - x86/cpu: fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: rename original retbleed methods (git-fixes). - x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/mce: make sure logged mces are processed after sysfs update (git-fixes). - x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes). - x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes). - x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: add cpu_show_gds() prototype (git-fixes). - x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes). - x86/srso: correct the mitigation status when smt is disabled (git-fixes). - x86/srso: disable the mitigation on unaffected configurations (git-fixes). - x86/srso: explain the untraining sequences a bit more (git-fixes). - x86/srso: fix build breakage with the llvm linker (git-fixes). - x86/srso: fix return thunks in generated code (git-fixes). - x86/static_call: fix __static_call_fixup() (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-default-5.14.21-150400.24.88.1.nosrc.rpm True kernel-default-5.14.21-150400.24.88.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1.src.rpm True kernel-default-base-5.14.21-150400.24.88.1.150400.24.40.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.88.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.88.1.noarch.rpm True kernel-macros-5.14.21-150400.24.88.1.noarch.rpm True kernel-source-5.14.21-150400.24.88.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4721 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for installation-images fixes the following issues: - cifs kernel modules have a new location (bsc#1214329) installation-images-SLES-16.57.27-150400.3.14.2.src.rpm tftpboot-installation-SLE-15-SP4-aarch64-16.57.27-150400.3.14.2.noarch.rpm tftpboot-installation-SLE-15-SP4-ppc64le-16.57.27-150400.3.14.2.noarch.rpm tftpboot-installation-SLE-15-SP4-s390x-16.57.27-150400.3.14.2.noarch.rpm tftpboot-installation-SLE-15-SP4-x86_64-16.57.27-150400.3.14.2.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4342 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: - Update to version 535.113.01 - post install scripts: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support - Add a devel package so other modules can be built against this one. [jira#PED-4964] - disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [boo#1211892] - preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.113.01 kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.113.01-150400.9.9.1.x86_64.rpm nvidia-open-driver-G06-signed-535.113.01-150400.9.24.1.src.rpm nvidia-open-driver-G06-signed-default-devel-535.113.01-150400.9.24.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-535.113.01_k5.14.21_150400.24.92-150400.9.24.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4197 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tracker fixes the following issues: - use pkgconfig(icu-i18n) to use the current libicu (jsc#PED-6193) libtracker-sparql-3_0-0-3.2.1-150400.3.3.1.x86_64.rpm tracker-3.2.1-150400.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4552 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libteam fixes the following issues: - Document ARP Ping link_watch.vlanid option in teamd.conf man page (bsc#1215527) libteam-1.27-150000.4.12.1.src.rpm libteam-devel-1.27-150000.4.12.1.x86_64.rpm libteam5-1.27-150000.4.12.1.x86_64.rpm libteamdctl0-1.27-150000.4.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3951 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. python-jmespath-0.9.3-150000.3.5.1.src.rpm python-ply-3.10-150000.3.5.1.src.rpm python3-jmespath-0.9.3-150000.3.5.1.noarch.rpm python3-ply-3.10-150000.3.5.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3997 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). libnghttp2-14-1.40.0-150200.9.1.x86_64.rpm libnghttp2-14-32bit-1.40.0-150200.9.1.x86_64.rpm libnghttp2-devel-1.40.0-150200.9.1.x86_64.rpm libnghttp2_asio-devel-1.40.0-150200.9.1.x86_64.rpm libnghttp2_asio1-1.40.0-150200.9.1.x86_64.rpm nghttp2-1.40.0-150200.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4617 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for javapackages-tools fixes the following issues: - Add requirement for `python-xml` as it is needed by some scripts - Ensure reproducibility of built binaries - Minor bug fixes javapackages-filesystem-6.2.0-150200.3.12.1.x86_64.rpm javapackages-tools-6.2.0-150200.3.12.1.src.rpm javapackages-tools-6.2.0-150200.3.12.1.x86_64.rpm javapackages-tools-extras-6.2.0-150200.3.12.1.src.rpm python3-javapackages-6.2.0-150200.3.12.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3963 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). libX11-1.6.5-150000.3.33.1.src.rpm libX11-6-1.6.5-150000.3.33.1.x86_64.rpm libX11-data-1.6.5-150000.3.33.1.noarch.rpm libX11-devel-1.6.5-150000.3.33.1.x86_64.rpm libX11-xcb1-1.6.5-150000.3.33.1.x86_64.rpm libX11-xcb1-32bit-1.6.5-150000.3.33.1.x86_64.rpm libX11-6-32bit-1.6.5-150000.3.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4143 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty. brlapi-devel-6.4-150400.4.5.1.x86_64.rpm brltty-6.4-150400.4.5.1.src.rpm harfbuzz-3.4.0-150400.3.8.1.src.rpm harfbuzz-devel-3.4.0-150400.3.8.1.x86_64.rpm libbrlapi0_8-6.4-150400.4.5.1.x86_64.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz-icu0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz-subset0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz0-3.4.0-150400.3.8.1.x86_64.rpm libvte-2_91-0-0.66.2-150400.3.2.1.x86_64.rpm python3-brlapi-6.4-150400.4.5.1.x86_64.rpm system-user-brltty-6.4-150400.4.5.1.noarch.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.x86_64.rpm typelib-1_0-Vte-2.91-0.66.2-150400.3.2.1.x86_64.rpm vte-0.66.2-150400.3.2.1.src.rpm libharfbuzz0-32bit-3.4.0-150400.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3994 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) git-2.35.3-150300.10.30.1.src.rpm git-core-2.35.3-150300.10.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4110 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) glibc-2.31-150300.63.1.src.rpm glibc-2.31-150300.63.1.x86_64.rpm glibc-devel-2.31-150300.63.1.x86_64.rpm glibc-extra-2.31-150300.63.1.x86_64.rpm glibc-i18ndata-2.31-150300.63.1.noarch.rpm glibc-info-2.31-150300.63.1.noarch.rpm glibc-lang-2.31-150300.63.1.noarch.rpm glibc-locale-2.31-150300.63.1.x86_64.rpm glibc-locale-base-2.31-150300.63.1.x86_64.rpm glibc-locale-base-32bit-2.31-150300.63.1.x86_64.rpm glibc-profile-2.31-150300.63.1.x86_64.rpm nscd-2.31-150300.63.1.x86_64.rpm glibc-32bit-2.31-150300.63.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3946 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libvpx fixes the following issues: - CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). libvpx-1.11.0-150400.3.3.1.src.rpm libvpx-devel-1.11.0-150400.3.3.1.x86_64.rpm libvpx7-1.11.0-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4091 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-gevent fixes the following issues: - CVE-2023-41419: Fixed a http request smuggling (bsc#1215469). python-gevent-1.2.2-150000.5.3.1.src.rpm python3-gevent-1.2.2-150000.5.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-3965 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libXpm fixes the following issues: - CVE-2023-43788: Fixed an out of bounds read when creating an image (bsc#1215686). - CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap (bsc#1215687). libXpm-3.5.12-150000.3.10.1.src.rpm libXpm-devel-3.5.12-150000.3.10.1.x86_64.rpm libXpm4-3.5.12-150000.3.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4112 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issue: - Ship correct open-vm-tools version to 15-SP4 (bsc#1205927) libvmtools-devel-12.3.0-150300.40.1.x86_64.rpm libvmtools0-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-12.3.0-150300.40.1.src.rpm open-vm-tools-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-containerinfo-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-salt-minion-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-sdmp-12.3.0-150300.40.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4138 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. systemd-rpm-macros-14-150000.7.36.1.noarch.rpm systemd-rpm-macros-14-150000.7.36.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4178 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sssd fixes the following issues: - LDAP password policy: return failure if there are no grace logins left (bsc#1214434) libipa_hbac-devel-2.5.2-150400.4.17.1.x86_64.rpm libipa_hbac0-2.5.2-150400.4.17.1.x86_64.rpm libsss_certmap-devel-2.5.2-150400.4.17.1.x86_64.rpm libsss_certmap0-2.5.2-150400.4.17.1.x86_64.rpm libsss_idmap-devel-2.5.2-150400.4.17.1.x86_64.rpm libsss_idmap0-2.5.2-150400.4.17.1.x86_64.rpm libsss_nss_idmap-devel-2.5.2-150400.4.17.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150400.4.17.1.x86_64.rpm libsss_simpleifp-devel-2.5.2-150400.4.17.1.x86_64.rpm libsss_simpleifp0-2.5.2-150400.4.17.1.x86_64.rpm python3-sssd-config-2.5.2-150400.4.17.1.x86_64.rpm sssd-2.5.2-150400.4.17.1.src.rpm sssd-2.5.2-150400.4.17.1.x86_64.rpm sssd-ad-2.5.2-150400.4.17.1.x86_64.rpm sssd-common-2.5.2-150400.4.17.1.x86_64.rpm sssd-common-32bit-2.5.2-150400.4.17.1.x86_64.rpm sssd-dbus-2.5.2-150400.4.17.1.x86_64.rpm sssd-ipa-2.5.2-150400.4.17.1.x86_64.rpm sssd-kcm-2.5.2-150400.4.17.1.x86_64.rpm sssd-krb5-2.5.2-150400.4.17.1.x86_64.rpm sssd-krb5-common-2.5.2-150400.4.17.1.x86_64.rpm sssd-ldap-2.5.2-150400.4.17.1.x86_64.rpm sssd-proxy-2.5.2-150400.4.17.1.x86_64.rpm sssd-tools-2.5.2-150400.4.17.1.x86_64.rpm sssd-winbind-idmap-2.5.2-150400.4.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4453 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. libjansson-2.14-150000.3.5.1.src.rpm libjansson-devel-2.14-150000.3.5.1.x86_64.rpm libjansson4-2.14-150000.3.5.1.x86_64.rpm libjansson4-32bit-2.14-150000.3.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4044 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) curl-8.0.1-150400.5.32.1.src.rpm curl-8.0.1-150400.5.32.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.32.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.32.1.x86_64.rpm libcurl4-8.0.1-150400.5.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4450 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) crypto-policies-20210917.c9d86d1-150400.3.6.1.noarch.rpm crypto-policies-20210917.c9d86d1-150400.3.6.1.src.rpm crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4072 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727) - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). kernel-default-5.14.21-150400.24.92.1.nosrc.rpm True kernel-default-5.14.21-150400.24.92.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1.src.rpm True kernel-default-base-5.14.21-150400.24.92.1.150400.24.42.1.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.92.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.92.1.noarch.rpm True kernel-macros-5.14.21-150400.24.92.1.noarch.rpm True kernel-source-5.14.21-150400.24.92.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4059 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908) libsamba-policy-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm libsamba-policy-python3-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm libsamba-policy0-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-4.15.13+git.691.3d3cea0641-150400.3.31.1.src.rpm samba-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-ad-dc-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-ad-dc-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-ceph-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-client-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-client-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-client-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-devel-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-devel-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-dsdb-modules-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-gpupdate-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-ldb-ldap-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-libs-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-python3-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-tool-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-winbind-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-winbind-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-winbind-libs-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-client-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm samba-libs-32bit-4.15.13+git.691.3d3cea0641-150400.3.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4502 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This feature update for python3 packages adds the following: - Second batch of new python-3.11 packages (jsc#PED-68) Updates to previosly released python 3.11 packages: - python-urllib3 to 2.0.7 - python-Sphinx to 7.2.6 - python-pytest to 7.4.2 - python-hypothesis to 6.82.7 - python-sphinxcontrib-serializinghtml to 1.1.9 libzopfli-devel-1.0.3-150400.9.3.2.x86_64.rpm libzopfli1-1.0.3-150400.9.3.2.x86_64.rpm libzopfli1-32bit-1.0.3-150400.9.3.2.x86_64.rpm libzopflipng1-1.0.3-150400.9.3.2.x86_64.rpm libzopflipng1-32bit-1.0.3-150400.9.3.2.x86_64.rpm xclip-0.13-150400.9.3.1.src.rpm xclip-0.13-150400.9.3.1.x86_64.rpm xsel-1.2.0-150400.9.3.1.src.rpm xsel-1.2.0-150400.9.3.1.x86_64.rpm zopfli-1.0.3-150400.9.3.2.src.rpm zopfli-1.0.3-150400.9.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4602 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once libsuseconnect-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1.x86_64.rpm suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1.src.rpm suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1.x86_64.rpm suseconnect-ruby-bindings-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4056 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device (bsc#1213925). - CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free (bsc#1190011). - CVE-2021-3638: Fixed a buffer overflow in the ati-vga device (bsc#1188609). - CVE-2023-3354: Fixed an issue when performing a TLS handshake that could lead to remote denial of service via VNC connection (bsc#1212850). - CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device that could lead to a stack overflow (bsc#1207205). Non-security fixes: - Fixed a potential build issue in the librm subcomponent (bsc#1215311). - Fixed a potential crash during VM migration (bsc#1213663). - Fixed potential issues during installation on a Xen host (bsc#1179993, bsc#1181740). qemu-6.2.0-150400.37.23.1.src.rpm qemu-tools-6.2.0-150400.37.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4108 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). python-urllib3-1.25.10-150300.4.6.1.src.rpm python3-urllib3-1.25.10-150300.4.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4083 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Updated to version 3.6.17: - CVE-2023-5371: Fixed a memory leak issue in the RTPS dissector (bsc#1215959). libwireshark15-3.6.17-150000.3.103.1.x86_64.rpm libwiretap12-3.6.17-150000.3.103.1.x86_64.rpm libwsutil13-3.6.17-150000.3.103.1.x86_64.rpm wireshark-3.6.17-150000.3.103.1.src.rpm wireshark-3.6.17-150000.3.103.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-98 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gegl and its dependencies fixes the following issues: gegl: - Allow building against a newer libraw (0.21) (jsc#PED-6351) celt, fdk-aac-free, ffmpeg-4, ilmbase, ldacBT, lensfun, libass, libbluray, libbs2b, libcdio-paranoia, libcdio, libdc1394, libgsm, libmfx, libopenmpt, libraw1394, libraw, libspiro, libva, libvdpau, lilv, metis, openexr, pipewire, pulseaudio, rtkit, SDL2, serd, sord, sratom, suitesparse, webrtc-audio-processing, wireplumber: - Deliver missing direct and indirect dependencies of gegl to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le, s390x and x86_64 - There are NO code changes libpulse-devel-15.0-150400.4.4.1.x86_64.rpm libpulse-mainloop-glib0-15.0-150400.4.4.1.x86_64.rpm libpulse0-15.0-150400.4.4.1.x86_64.rpm pulseaudio-15.0-150400.4.4.1.src.rpm system-user-pulse-15.0-150400.4.4.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4055 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744) - CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746) - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747) - CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748) - CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748) xen-4.16.5_06-150400.4.37.1.src.rpm xen-libs-4.16.5_06-150400.4.37.1.x86_64.rpm xen-tools-domU-4.16.5_06-150400.4.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4460 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) rsyslog-8.2306.0-150400.5.21.1.src.rpm rsyslog-8.2306.0-150400.5.21.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4686 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-auth-client fixes the following issues: - Fix failure to join the domain if krb5.conf has a line with white space only (bsc#1215297) - Update to version 4.4.5 yast2-auth-client-4.4.5-150400.3.10.1.noarch.rpm yast2-auth-client-4.4.5-150400.3.10.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4089 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). opensc-0.22.0-150400.3.6.1.src.rpm opensc-0.22.0-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4122 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - Displays "fips" in the version string (bsc#1215215) libopenssl-1_1-devel-1.1.1l-150400.7.57.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.57.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.57.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.57.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.57.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.57.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.57.1.src.rpm openssl-1_1-1.1.1l-150400.7.57.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4388 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python-simplejson-3.17.2-150300.3.4.1.src.rpm True python3-simplejson-3.17.2-150300.3.4.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4387 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python3-salt-3006.0-150400.8.49.2.x86_64.rpm True salt-3006.0-150400.8.49.2.src.rpm True salt-3006.0-150400.8.49.2.x86_64.rpm True salt-bash-completion-3006.0-150400.8.49.2.noarch.rpm True salt-doc-3006.0-150400.8.49.2.x86_64.rpm True salt-minion-3006.0-150400.8.49.2.x86_64.rpm True salt-zsh-completion-3006.0-150400.8.49.2.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4294 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5. Security fixes: - CVE-2023-41993: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215661). - CVE-2023-39928: Fixed a use-after-free that could be exploited to execute arbitrary code when visiting a malicious webpage (bsc#1215868). - CVE-2023-41074: Fixed an issue where processing malicious web content could have lead to arbitrary code execution (bsc#1215870). Other fixes: - Fixed missing package dependencies (bsc#1215072). WebKitGTK-4.0-lang-2.42.1-150400.4.57.2.noarch.rpm libjavascriptcoregtk-4_0-18-2.42.1-150400.4.57.2.x86_64.rpm libwebkit2gtk-4_0-37-2.42.1-150400.4.57.2.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.57.2.x86_64.rpm typelib-1_0-WebKit2-4_0-2.42.1-150400.4.57.2.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.57.2.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.57.2.x86_64.rpm webkit2gtk3-soup2-2.42.1-150400.4.57.2.src.rpm webkit2gtk3-soup2-devel-2.42.1-150400.4.57.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4538 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for screen fixes the following issue: - screen is shipped to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. screen-4.6.2-150000.5.5.1.src.rpm screen-4.6.2-150000.5.5.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4684 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for yast2-storage-ng fixes the following issues: - Add new MdLevel value for linear RAIDs to fix error prompt when launching Yast2 partitioner (bsc#1215022) - Update to version 4.4.46 yast2-storage-ng-4.4.46-150400.3.19.1.src.rpm yast2-storage-ng-4.4.46-150400.3.19.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4292 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol (bsc#1216261). - CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens (bsc#1216133). - CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR protocols (bsc#1216135). xorg-x11-server-1.20.3-150400.38.29.1.src.rpm xorg-x11-server-1.20.3-150400.38.29.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4268 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) libpci3-3.5.6-150300.13.6.1.x86_64.rpm pciutils-3.5.6-150300.13.6.1.src.rpm pciutils-3.5.6-150300.13.6.1.x86_64.rpm pciutils-devel-3.5.6-150300.13.6.1.x86_64.rpm libpci3-32bit-3.5.6-150300.13.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4135 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-module-tools fixes the following issues: - Updated to version 15.4.18: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). suse-module-tools-15.4.18-150400.3.14.1.src.rpm suse-module-tools-15.4.18-150400.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4192 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libssh2_org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040] Update to 1.11.0: * Enhancements and bugfixes - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake "unity" builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: now parses attribute extensions if they exist - SFTP: no longer will busy loop if SFTP fails to initialize - SFTP: now clear various errors as expected - SFTP: no longer skips files if the line buffer is too small - SCP: add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x - Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed "old gex" build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Bump to version 1.10.0 * Enhancements and bugfixes: * support ECDSA certificate authentication * fix detailed _libssh2_error being overwritten by generic errors * unified error handling * fix _libssh2_random() silently discarding errors * don't error if using keys without RSA * avoid OpenSSL latent error in FIPS mode * fix EVP_Cipher interface change in openssl 3 * fix potential overwrite of buffer when reading stdout of command * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data * correct a typo which may lead to stack overflow * fix random big number generation to match openssl * added key exchange group16-sha512 and group18-sha512. * add support for an OSS Fuzzer fuzzing target * adds support for ECDSA for both key exchange and host key algorithms * clean up curve25519 code * update the min, preferred and max DH group values based on RFC 8270. * changed type of LIBSSH2_FX_* constants to unsigned long * added diffie-hellman-group14-sha256 kex * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x. * fixes crash with delayed compression option using Bitvise server. * adds support for PKIX key reading * use new API to parse data in packet_x11_open() for better bounds checking. * double the static buffer size when reading and writing known hosts * improved bounds checking in packet_queue_listener * improve message parsing (CVE-2019-17498) * improve bounds checking in kex_agree_methods() * adding SSH agent forwarding. * fix agent forwarding message, updated example. * added integration test code and cmake target. Added example to cmake list. * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero. * add an EWOULDBLOCK check for better portability * fix off by one error when loading public keys with no id * fix use-after-free crash on reinitialization of openssl backend * preserve error info from agent_list_identities() * make sure the error code is set in _libssh2_channel_open() * fixed misspellings * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type` * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type libssh2-1-1.11.0-150000.4.19.1.x86_64.rpm libssh2-devel-1.11.0-150000.4.19.1.x86_64.rpm libssh2_org-1.11.0-150000.4.19.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4189 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163) - CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853) libopenssl-3-devel-3.0.8-150400.4.37.1.x86_64.rpm libopenssl3-3.0.8-150400.4.37.1.x86_64.rpm openssl-3-3.0.8-150400.4.37.1.src.rpm openssl-3-3.0.8-150400.4.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4897 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openslp bumps the version number to ensure a clean upgrade path from SLE-12 to SLE-15. This is a no-change rebuild of the packages already available in SLE-15. openslp-2.0.0-150000.6.17.1.src.rpm openslp-2.0.0-150000.6.17.1.x86_64.rpm openslp-devel-2.0.0-150000.6.17.1.x86_64.rpm openslp-32bit-2.0.0-150000.6.17.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4711 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireless-regdb fixes the following issues: - Update all regulatory rules(v.20230901) for various countries (bsc#1029961) wireless-regdb-20230901-150000.3.17.1.noarch.rpm wireless-regdb-20230901-150000.3.17.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4198 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-11-openjdk fixes the following issues: - Upgraded to JDK 11.0.21+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/11all-relnotes.html java-11-openjdk-11.0.21.0-150000.3.107.1.src.rpm java-11-openjdk-11.0.21.0-150000.3.107.1.x86_64.rpm java-11-openjdk-demo-11.0.21.0-150000.3.107.1.x86_64.rpm java-11-openjdk-devel-11.0.21.0-150000.3.107.1.x86_64.rpm java-11-openjdk-headless-11.0.21.0-150000.3.107.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4539 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for unar fixes the following issue: - use pkgconfig(icu-uc) for current libicu unar-1.10.7-150200.3.3.2.src.rpm unar-1.10.7-150200.3.3.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4200 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) libnghttp2-14-1.40.0-150200.12.1.x86_64.rpm libnghttp2-14-32bit-1.40.0-150200.12.1.x86_64.rpm libnghttp2-devel-1.40.0-150200.12.1.x86_64.rpm libnghttp2_asio-devel-1.40.0-150200.12.1.x86_64.rpm libnghttp2_asio1-1.40.0-150200.12.1.x86_64.rpm nghttp2-1.40.0-150200.12.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4225 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) libzck-devel-1.1.16-150400.3.7.1.x86_64.rpm libzck1-1.1.16-150400.3.7.1.x86_64.rpm zchunk-1.1.16-150400.3.7.1.src.rpm zchunk-1.1.16-150400.3.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4217 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). libminizip1-1.2.11-150000.3.48.1.x86_64.rpm libz1-1.2.11-150000.3.48.1.x86_64.rpm libz1-32bit-1.2.11-150000.3.48.1.x86_64.rpm minizip-devel-1.2.11-150000.3.48.1.x86_64.rpm zlib-1.2.11-150000.3.48.1.src.rpm zlib-devel-1.2.11-150000.3.48.1.x86_64.rpm zlib-devel-static-1.2.11-150000.3.48.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4289 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for java-17-openjdk fixes the following issues: - Updated to JDK 17.0.9+9 (October 2023 CPU): - CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS (bsc#1216374). - CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 (bsc#1216339). Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/17all-relnotes.html java-17-openjdk-17.0.9.0-150400.3.33.1.src.rpm java-17-openjdk-17.0.9.0-150400.3.33.1.x86_64.rpm java-17-openjdk-demo-17.0.9.0-150400.3.33.1.x86_64.rpm java-17-openjdk-devel-17.0.9.0-150400.3.33.1.x86_64.rpm java-17-openjdk-headless-17.0.9.0-150400.3.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4176 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ruby2.5 fixes the following issues: - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891) - CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967) - CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035) - CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726) libruby2_5-2_5-2.5.9-150000.4.29.1.x86_64.rpm ruby2.5-2.5.9-150000.4.29.1.src.rpm ruby2.5-2.5.9-150000.4.29.1.x86_64.rpm ruby2.5-devel-2.5.9-150000.4.29.1.x86_64.rpm ruby2.5-devel-extra-2.5.9-150000.4.29.1.x86_64.rpm ruby2.5-stdlib-2.5.9-150000.4.29.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4890 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-websocket-client fixes the following issues: - Re-enable Python 3.6 to fix pip3 install (bsc#1215314) python-websocket-client-1.3.2-150100.6.10.5.src.rpm python3-websocket-client-1.3.2-150100.6.10.5.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4937 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sg3_utils fixes the following issues: - Update to version 1.47+15.b6898b8 - L3-Question: rescan-scsi-bus.sh resize not detected (bsc#1215720). - Packman Discord package upgrade lockout defeat inoperative (bsc#1216355). - sg3_utils package doesn't rebuild initrd (bsc#1215772). - rescan-scsi-bus.sh: improve cleanup on exit (gh#doug-gilbert/sg3_utils#44) libsgutils-devel-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.src.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4310 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir libtirpc-1.3.4-150300.3.20.1.src.rpm libtirpc-devel-1.3.4-150300.3.20.1.x86_64.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.x86_64.rpm libtirpc3-1.3.4-150300.3.20.1.x86_64.rpm libtirpc3-32bit-1.3.4-150300.3.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4227 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). libvmtools-devel-12.3.0-150300.43.1.x86_64.rpm libvmtools0-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-12.3.0-150300.43.1.src.rpm open-vm-tools-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-containerinfo-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-salt-minion-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-sdmp-12.3.0-150300.43.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4562 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). - CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). libpoppler89-0.79.0-150200.3.26.1.x86_64.rpm poppler-0.79.0-150200.3.26.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4363 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for poppler fixes the following issues: - CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). - CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc (bsc#1213888). libpoppler-cpp0-22.01.0-150400.3.16.1.x86_64.rpm libpoppler-devel-22.01.0-150400.3.16.1.x86_64.rpm libpoppler-glib-devel-22.01.0-150400.3.16.1.x86_64.rpm libpoppler-glib8-22.01.0-150400.3.16.1.x86_64.rpm libpoppler117-22.01.0-150400.3.16.1.x86_64.rpm poppler-22.01.0-150400.3.16.1.src.rpm poppler-tools-22.01.0-150400.3.16.1.x86_64.rpm typelib-1_0-Poppler-0_18-22.01.0-150400.3.16.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4583 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). python-psutil-5.9.1-150300.3.6.1.src.rpm python-requests-2.25.1-150300.3.6.1.src.rpm python3-psutil-5.9.1-150300.3.6.1.x86_64.rpm python3-requests-2.25.1-150300.3.6.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4438 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xterm fixes the following issues: - CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode. (bsc#1214282) xterm-330-150200.11.12.1.src.rpm xterm-330-150200.11.12.1.x86_64.rpm xterm-bin-330-150200.11.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4716 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier git-2.35.3-150300.10.33.1.src.rpm git-core-2.35.3-150300.10.33.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4330 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libsndfile fixes the following issues: - CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file (bsc#1213451). libsndfile-1.0.28-150000.5.20.1.src.rpm libsndfile-devel-1.0.28-150000.5.20.1.x86_64.rpm libsndfile1-1.0.28-150000.5.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4534 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) libzypp-17.31.22-150400.3.43.1.src.rpm True libzypp-17.31.22-150400.3.43.1.x86_64.rpm True libzypp-devel-17.31.22-150400.3.43.1.x86_64.rpm True zypper-1.14.66-150400.3.35.1.src.rpm True zypper-1.14.66-150400.3.35.1.x86_64.rpm True zypper-log-1.14.66-150400.3.35.1.noarch.rpm True zypper-needs-restarting-1.14.66-150400.3.35.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4531 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for perl-DateTime-TimeZone fixes the following issues: - updated to 2.60 (jsc#PED-6726, bsc#1204923, bsc#1113554, bsc#1104700) full changelog at https://metacpan.org/release/DROLSKY/DateTime-TimeZone-2.60/changes perl-DateTime-TimeZone-2.60-150000.3.3.1.noarch.rpm perl-DateTime-TimeZone-2.60-150000.3.3.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4649 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-3 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). Bug fixes: - The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. - Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472] libopenssl-3-devel-3.0.8-150400.4.42.1.x86_64.rpm libopenssl3-3.0.8-150400.4.42.1.x86_64.rpm openssl-3-3.0.8-150400.4.42.1.src.rpm openssl-3-3.0.8-150400.4.42.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-106 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) Changes in postgresql16: - Upgrade to 16.1: * https://www.postgresql.org/about/news/2715 * https://www.postgresql.org/docs/16/release-16.html * https://www.postgresql.org/docs/16/release-16-1.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql15: - Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html - The libs and mini package are now provided by postgresql16. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. Changes in postgresql: - Interlock version and release of all noarch packages except for the postgresql-docs. - bsc#1122892: Add a sysconfig variable for initdb. - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. - Add postgresql-README as a separate source file. - bsc#1209208: Drop hard dependency on systemd - bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. libpq5-16.1-150200.5.7.1.x86_64.rpm libpq5-32bit-16.1-150200.5.7.1.x86_64.rpm postgresql-16-150400.4.9.2.noarch.rpm postgresql-16-150400.4.9.2.src.rpm postgresql15-15.5-150200.5.19.1.src.rpm postgresql15-15.5-150200.5.19.1.x86_64.rpm postgresql16-16.1-150200.5.7.1.src.rpm postgresql16-16.1-150200.5.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4467 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). python-urllib3-1.25.10-150300.4.9.1.src.rpm python3-urllib3-1.25.10-150300.4.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4479 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (bsc#1216962) * CVE-2023-5869: Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (bsc#1216961) * CVE-2023-5870: Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (bsc#1216960) - update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. - Change the unix domain socket location from /var/run to /run. postgresql14-14.10-150200.5.36.1.src.rpm postgresql14-14.10-150200.5.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4644 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for psmisc fixes the following issues: - Fix version number when building the package psmisc-23.0-150000.6.25.1.src.rpm psmisc-23.0-150000.6.25.1.x86_64.rpm psmisc-lang-23.0-150000.6.25.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4600 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for desktop-file-utils fixes the following issues: - Add support for the Desktop entry specification version 1.5 (bsc#1216357) desktop-file-utils-0.26-150400.3.3.1.src.rpm desktop-file-utils-0.26-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4378 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past "commit" (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update "shortest_full" in polling (git-fixes). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the "HWVers" register address (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). kernel-default-5.14.21-150400.24.97.1.nosrc.rpm True kernel-default-5.14.21-150400.24.97.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2.src.rpm True kernel-default-base-5.14.21-150400.24.97.1.150400.24.44.2.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.97.1.x86_64.rpm True kernel-devel-5.14.21-150400.24.97.1.noarch.rpm True kernel-macros-5.14.21-150400.24.97.1.noarch.rpm True kernel-source-5.14.21-150400.24.97.1.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4555 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libstorage-ng fixes the following issues: - Add support for MD RAID type LINEAR (bsc#1215022) libstorage-ng-4.4.94-150400.3.3.1.src.rpm libstorage-ng-devel-4.4.94-150400.3.3.1.x86_64.rpm libstorage-ng-lang-4.4.94-150400.3.3.1.noarch.rpm libstorage-ng-ruby-4.4.94-150400.3.3.1.x86_64.rpm libstorage-ng1-4.4.94-150400.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4503 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). avahi-0.8-150400.7.10.1.src.rpm avahi-0.8-150400.7.10.1.x86_64.rpm avahi-compat-howl-devel-0.8-150400.7.10.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150400.7.10.1.x86_64.rpm avahi-glib2-0.8-150400.7.10.1.src.rpm avahi-lang-0.8-150400.7.10.1.noarch.rpm avahi-utils-0.8-150400.7.10.1.x86_64.rpm libavahi-client3-0.8-150400.7.10.1.x86_64.rpm libavahi-client3-32bit-0.8-150400.7.10.1.x86_64.rpm libavahi-common3-0.8-150400.7.10.1.x86_64.rpm libavahi-core7-0.8-150400.7.10.1.x86_64.rpm libavahi-devel-0.8-150400.7.10.1.x86_64.rpm libavahi-glib-devel-0.8-150400.7.10.1.x86_64.rpm libavahi-glib1-0.8-150400.7.10.1.x86_64.rpm libavahi-gobject0-0.8-150400.7.10.1.x86_64.rpm libavahi-libevent1-0.8-150400.7.10.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150400.7.10.1.x86_64.rpm libdns_sd-0.8-150400.7.10.1.x86_64.rpm libhowl0-0.8-150400.7.10.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150400.7.10.1.x86_64.rpm libavahi-common3-32bit-0.8-150400.7.10.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4415 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for clamav fixes the following issues: - Updated to version 0.103.11: - CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 (bsc#1216625). clamav-0.103.11-150000.3.50.1.src.rpm clamav-0.103.11-150000.3.50.1.x86_64.rpm clamav-devel-0.103.11-150000.3.50.1.x86_64.rpm libclamav9-0.103.11-150000.3.50.1.x86_64.rpm libfreshclam2-0.103.11-150000.3.50.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4591 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the "fragment table" fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * "Non-anchored" excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows "." to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for "corrupted" filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new "experts" category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use "max open file limit" when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports "Actions". * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file "R" definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports "exclude" files. * Max depth traversal option added. * Unsquashfs can now output a "Pseudo file" representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs "-stat" output. * Unsquashfs "write outside directory" exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. squashfs-4.6.1-150300.3.3.1.src.rpm squashfs-4.6.1-150300.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4633 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.70 (jsc#ECO-3319) - Add openembedded distro support - Remove DRAFT wording for OpenShift STIG - Remove test-function-check_playbook_file_removed_and_added test - scap-security-guide: Add Poky support Also various SUSE profile bug fixes have been applied. scap-security-guide-0.1.70-150000.1.69.1.noarch.rpm scap-security-guide-0.1.70-150000.1.69.1.src.rpm scap-security-guide-debian-0.1.70-150000.1.69.1.noarch.rpm scap-security-guide-redhat-0.1.70-150000.1.69.1.noarch.rpm scap-security-guide-ubuntu-0.1.70-150000.1.69.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4430 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for apache2 fixes the following issues: - CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424). Non-security fixes: - Fixed the content type handling in mod_proxy_http2 (bsc#1214357). - Fixed a floating point exception crash (bsc#1207399). apache2-2.4.51-150400.6.14.1.src.rpm apache2-2.4.51-150400.6.14.1.x86_64.rpm apache2-prefork-2.4.51-150400.6.14.1.x86_64.rpm apache2-utils-2.4.51-150400.6.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4440 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231113-150200.32.1.src.rpm ucode-intel-20231113-150200.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4439 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for w3m fixes the following issues: - Update to version 0.5.3+git20230121 - CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324) - CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323) w3m-0.5.3+git20230121-150000.3.6.1.src.rpm w3m-0.5.3+git20230121-150000.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4370 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). libtiff-devel-4.0.9-150000.45.32.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.32.1.x86_64.rpm libtiff5-4.0.9-150000.45.32.1.x86_64.rpm tiff-4.0.9-150000.45.32.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4446 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for open-vm-tools fixes the following issues: - Update to 12.3.5 (bsc#1216670) libvmtools-devel-12.3.5-150300.46.1.x86_64.rpm libvmtools0-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-12.3.5-150300.46.1.src.rpm open-vm-tools-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-containerinfo-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-salt-minion-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-sdmp-12.3.5-150300.46.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4360 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files (bsc#1215793). gstreamer-plugins-bad-1.20.1-150400.3.6.1.src.rpm libgstphotography-1_0-0-1.20.1-150400.3.6.1.x86_64.rpm libgstplay-1_0-0-1.20.1-150400.3.6.1.x86_64.rpm libgstplayer-1_0-0-1.20.1-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4429 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issues fixed: - CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.129.03 Changes in nvidia-open-driver-G06-signed: - Update to version 535.129.03 kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.129.03-150400.9.12.1.x86_64.rpm nvidia-open-driver-G06-signed-535.129.03-150400.9.27.1.src.rpm nvidia-open-driver-G06-signed-default-devel-535.129.03-150400.9.27.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150400.24.92-150400.9.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4474 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - Rendering of e-mails in Evolution is blank when using the proprietary NVIDIA driver (bsc#1216778) WebKitGTK-4.0-lang-2.42.1-150400.4.60.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.42.1-150400.4.60.1.x86_64.rpm libwebkit2gtk-4_0-37-2.42.1-150400.4.60.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.42.1-150400.4.60.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.42.1-150400.4.60.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.42.1-150400.4.60.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.42.1-150400.4.60.1.x86_64.rpm webkit2gtk3-soup2-2.42.1-150400.4.60.1.src.rpm webkit2gtk3-soup2-devel-2.42.1-150400.4.60.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4477 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with "implicit" holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) grub2-2.06-150400.11.41.1.src.rpm grub2-2.06-150400.11.41.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.41.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.41.1.noarch.rpm grub2-systemd-sleep-plugin-2.06-150400.11.41.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.41.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4449 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for exfatprogs fixes the following issues: - CVE-2023-45897: Fixed out-of-bound memory issues in fsck (bsc#1216701). exfatprogs-1.0.4-150300.3.12.1.src.rpm exfatprogs-1.0.4-150300.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4585 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for google-noto-serif-cjk-fonts fixes the following issues: This update delivers the current sets of fonts: - Google Noto Serif CJK Fonts version 2.001. - Google Noto Fonts 20220607 google-noto-fonts-20220607-150200.11.3.3.src.rpm google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-cjk-fonts-20201202.2.004-150200.10.7.1.src.rpm google-noto-sans-jp-black-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-bold-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-demilight-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-fonts-full-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-light-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-medium-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-mono-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-regular-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-jp-thin-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-black-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-bold-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-demilight-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-fonts-full-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-light-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-medium-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-mono-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-regular-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-kr-thin-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-black-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-bold-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-demilight-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-fonts-full-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-light-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-medium-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-mono-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-regular-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-sc-thin-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-black-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-bold-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-demilight-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-fonts-full-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-light-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-medium-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-mono-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-regular-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-sans-tc-thin-fonts-20201202.2.004-150200.10.7.1.noarch.rpm google-noto-serif-cjk-fonts-20201202.2.001-150200.3.4.1.src.rpm google-noto-serif-jp-black-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-bold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-extralight-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-fonts-full-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-light-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-medium-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-regular-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-jp-semibold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-black-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-bold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-extralight-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-fonts-full-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-light-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-medium-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-regular-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-kr-semibold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-black-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-bold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-extralight-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-fonts-full-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-light-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-medium-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-regular-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-sc-semibold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-black-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-bold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-extralight-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-fonts-full-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-light-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-medium-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-regular-fonts-20201202.2.001-150200.3.4.1.noarch.rpm google-noto-serif-tc-semibold-fonts-20201202.2.001-150200.3.4.1.noarch.rpm noto-arimo-fonts-20220607-150200.11.3.3.noarch.rpm noto-cousine-fonts-20220607-150200.11.3.3.noarch.rpm noto-fonts-20220607-150200.11.3.3.noarch.rpm noto-kufiarabic-fonts-20220607-150200.11.3.3.noarch.rpm noto-loopedlao-fonts-20220607-150200.11.3.3.noarch.rpm noto-loopedlao-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-loopedthai-fonts-20220607-150200.11.3.3.noarch.rpm noto-loopedthai-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-music-fonts-20220607-150200.11.3.3.noarch.rpm noto-naskharabic-fonts-20220607-150200.11.3.3.noarch.rpm noto-naskharabic-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-nastaliqurdu-fonts-20220607-150200.11.3.3.noarch.rpm noto-rashihebrew-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-adlam-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-adlamunjoined-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-anatolianhieroglyphs-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-arabic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-arabic-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-armenian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-avestan-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-balinese-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-bamum-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-bassavah-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-batak-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-bengali-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-bengali-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-bhaiksuki-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-brahmi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-buginese-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-buhid-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-canadianaboriginal-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-carian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-caucasianalbanian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-chakma-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-cham-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-cherokee-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-chorasmian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-coptic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-cuneiform-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-cypriot-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-cyprominoan-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-deseret-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-devanagari-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-devanagari-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-duployan-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-egyptianhieroglyphs-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-elbasan-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-elymaic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-ethiopic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-georgian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-glagolitic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gothic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-grantha-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gujarati-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gujarati-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gunjalagondi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gurmukhi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-gurmukhi-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hanifirohingya-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hanunoo-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hatran-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hebrew-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hebrewdroid-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-hebrewnew-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-imperialaramaic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-indicsiyaqnumbers-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-inscriptionalpahlavi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-inscriptionalparthian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-javanese-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-kaithi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-kannada-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-kannada-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-kayahli-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-kharoshthi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-khmer-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-khmer-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-khojki-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-khudawadi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lao-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lao-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lepcha-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-limbu-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lineara-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-linearb-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lisu-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lycian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-lydian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mahajani-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-malayalam-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-malayalam-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mandaic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-manichaean-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-marchen-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-masaramgondi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-math-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mayannumerals-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-medefaidrin-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-meeteimayek-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mendekikakui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-meroitic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-miao-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-modi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mongolian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mono-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-mro-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-multani-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-myanmar-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-myanmar-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-nabataean-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-nandinagari-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-newa-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-newtailue-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-nko-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-nushu-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-ogham-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-olchiki-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldhungarian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-olditalic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldnortharabian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldpermic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldpersian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldsogdian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldsoutharabian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oldturkic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oriya-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-oriya-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-osage-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-osmanya-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-pahawhhmong-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-palmyrene-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-paucinhau-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-phagspa-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-phoenician-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-psalterpahlavi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-rejang-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-runic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-samaritan-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-saurashtra-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sharada-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-shavian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-siddham-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-signwriting-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sinhala-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sinhala-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sogdian-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sorasompeng-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-soyombo-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sundanese-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-sylotinagri-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-symbols-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-symbols2-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-syriac-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tagalog-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tagbanwa-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-taile-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-taitham-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-taiviet-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-takri-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tamil-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tamil-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tamilsupplement-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tangsa-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-telugu-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-telugu-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-thaana-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-thai-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-thai-ui-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinagh-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghadrar-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghagrawimazighen-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghahaggar-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghair-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghapt-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghazawagh-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghghat-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghhawad-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghrhissaixa-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghsil-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tifinaghtawellemmet-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-tirhuta-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-ugaritic-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-vai-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-vithkuqi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-wancho-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-warangciti-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-yi-fonts-20220607-150200.11.3.3.noarch.rpm noto-sans-zanabazarsquare-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-ahom-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-armenian-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-balinese-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-bengali-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-devanagari-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-display-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-divesakuru-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-dogra-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-ethiopic-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-georgian-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-grantha-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-gujarati-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-gurmukhi-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-hebrew-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-kannada-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-khmer-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-khojki-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-lao-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-makasar-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-malayalam-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-myanmar-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-nyiakengpuachuehmong-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-olduyghur-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-oriya-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-sinhala-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-tamil-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-tamilslanted-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-tangut-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-telugu-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-thai-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-tibetan-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-toto-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-vithkuqi-fonts-20220607-150200.11.3.3.noarch.rpm noto-serif-yezidi-fonts-20220607-150200.11.3.3.noarch.rpm noto-tinos-fonts-20220607-150200.11.3.3.noarch.rpm noto-traditionalnushu-fonts-20220607-150200.11.3.3.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4458 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.6.1.src.rpm libasan8-13.2.1+git7813-150000.1.6.1.x86_64.rpm libasan8-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libatomic1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libatomic1-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgcc_s1-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgfortran5-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgfortran5-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgomp1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgomp1-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libhwasan0-13.2.1+git7813-150000.1.6.1.x86_64.rpm libitm1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libitm1-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm liblsan0-13.2.1+git7813-150000.1.6.1.x86_64.rpm libobjc4-13.2.1+git7813-150000.1.6.1.x86_64.rpm libobjc4-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libquadmath0-13.2.1+git7813-150000.1.6.1.x86_64.rpm libquadmath0-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-locale-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-pp-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-pp-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm libtsan2-13.2.1+git7813-150000.1.6.1.x86_64.rpm libubsan1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libubsan1-32bit-13.2.1+git7813-150000.1.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4476 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) xen-4.16.5_08-150400.4.40.1.src.rpm True xen-libs-4.16.5_08-150400.4.40.1.x86_64.rpm True xen-tools-domU-4.16.5_08-150400.4.40.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4870 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cosign fixes the following issues: Updated to 2.2.1 (jsc#SLE-23879) - Enhancements: * CVE-2023-46737: Possible endless data attack from attacker-controlled registry (bsc#1216933) * feat: Support basic auth and bearer auth login to registry (#3310) * add support for ignoring certificates with pkcs11 (#3334) * Support ReplaceOp in Signatures (#3315) * feat: added ability to get image digest back via triangulate (#3255) * feat: add `--only` flag in `cosign copy` to copy sign, att & sbom (#3247) * feat: add support attaching a Rekor bundle to a container (#3246) * feat: add support outputting rekor response on signing (#3248) * feat: improve dockerfile verify subcommand (#3264) * Add guard flag for experimental OCI 1.1 verify. (#3272) * Deprecate SBOM attachments (#3256) * feat: dedent line in cosign copy doc (#3244) * feat: add platform flag to cosign copy command (#3234) * Add SLSA 1.0 attestation support to cosign. Closes #2860 (#3219) * attest: pass OCI remote opts to att resolver. (#3225) - Bug Fixes: * Merge pull request from GHSA-vfp6-jrw2-99g9 * fix: allow cosign download sbom when image is absent (#3245) * ci: add a OCI registry test for referrers support (#3253) * Fix ReplaceSignatures (#3292) * Stop using deprecated in_toto.ProvenanceStatement (#3243) * Fixes #3236, disable SCT checking for a cosign verification when using .. (#3237) * fix: update error in `SignedEntity` to be more descriptive (#3233) * Fail timestamp verification if no root is provided (#3224) - Documentation: * Add some docs about verifying in an air-gapped environment (#3321) * Update CONTRIBUTING.md (#3268) * docs: improves the Contribution guidelines (#3257) * Remove security policy (#3230) - Others: * Set go to min 1.21 and update dependencies (#3327) * Update contact for code of conduct (#3266) * Update .ko.yaml (#3240) Updated to 2.2.0 (jsc#SLE-23879) - Enhancements * switch to uploading DSSE types to rekor instead of intoto (#3113) * add 'cosign sign' command-line parameters for mTLS (#3052) * improve error messages around bundle != payload hash (#3146) * make VerifyImageAttestation function public (#3156) * Switch to cryptoutils function for SANS (#3185) * Handle HTTP_1_1_REQUIRED errors in github provider (#3172) - Bug Fixes * Fix nondeterminsitic timestamps (#3121) - Documentation * doc: Add example of sign-blob with key in env var (#3152) * add deprecation notice for cosign-releases GCS bucket (#3148) * update doc links (#3186) Updated to 2.1.1 (jsc#SLE-23879) - Bug Fixes * wait for the workers become available again to continue the execution (#3084) * fix help text when in a container (#3082) Updated to 2.1.0 (jsc#SLE-23879) - Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag. - Enhancements * Verify sigs and attestations in parallel (#3066) * Deep inspect attestations when filtering download (#3031) * refactor bundle validation code, add support for DSSE rekor type (#3016) * Allow overriding remote options (#3049) * feat: adds no cert found on sig exit code (#3038) * Make predicate a required flag in attest commands (#3033) * Added support for attaching Time stamp authority Response in attach command (#3001) * Add sign --sign-container-identity CLI (#2984) * Feature: Allow cosign to sign digests before they are uploaded. (#2959) * accepts attachment-tag-prefix for cosign copy (#3014) * Feature: adds '--allow-insecure-registry' for cosign load (#3000) * download attestation: support --platform flag (#2980) * Cleanup: Add Digest to the SignedEntity interface. (#2960) * verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845) * verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069) - Bug Fixes * Fix pkg/cosign/errors (#3050) * Fix: update doc to refer to github-actions oidc provider (#3040) * Fix: prefer GitHub OIDC provider if enabled (#3044) * Fix --sig-only in cosign copy (#3074) - Documentation * Fix links to sigstore/docs in markdown files (#3064) Update to 2.0.2 (jsc#SLE-23879) - Enhancements * Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891) * feat: Make cosign copy faster (#2901) * remove sget (#2885) * Require a payload to be provided with a signature (#2785) - Bug Fixes * cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876) * Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878) - Documentation * Remove experimental warning from Fulcio flags (#2923) * add missing oidc provider (#2922) * Add zot as a supported registry (#2920) * deprecates kms_support docs (#2900) * chore(docs) deprecate note for usage docs (#2906) * adds note of deprecation for examples.md docs (#2899) cosign-2.2.1-150400.3.14.1.src.rpm cosign-2.2.1-150400.3.14.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4881 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ipmitool fixes the following issues: - Fix unsupported LAN parameter lookup error (bsc#1216556) ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1.src.rpm ipmitool-1.8.18.238.gb7adc1d-150400.3.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4705 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) dracut-055+suse.351.g30f0cda6-150400.3.31.1.src.rpm dracut-055+suse.351.g30f0cda6-150400.3.31.1.x86_64.rpm dracut-fips-055+suse.351.g30f0cda6-150400.3.31.1.x86_64.rpm dracut-ima-055+suse.351.g30f0cda6-150400.3.31.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.351.g30f0cda6-150400.3.31.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4537 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). libxml2-2-2.9.14-150400.5.25.1.x86_64.rpm libxml2-2.9.14-150400.5.25.1.src.rpm libxml2-devel-2.9.14-150400.5.25.1.x86_64.rpm libxml2-python-2.9.14-150400.5.25.1.src.rpm libxml2-tools-2.9.14-150400.5.25.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.25.1.x86_64.rpm libxml2-2-32bit-2.9.14-150400.5.25.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4494 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for cmake fixes the following issues: - Packages fail to build when there's a folder called "CMakeLists.txt" (bsc#1217009) cmake-3.20.4-150400.4.3.1.src.rpm cmake-3.20.4-150400.4.3.1.x86_64.rpm cmake-full-3.20.4-150400.4.3.1.src.rpm cmake-full-3.20.4-150400.4.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4723 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) libtirpc-1.3.4-150300.3.23.1.src.rpm libtirpc-devel-1.3.4-150300.3.23.1.x86_64.rpm libtirpc-netconfig-1.3.4-150300.3.23.1.x86_64.rpm libtirpc3-1.3.4-150300.3.23.1.x86_64.rpm libtirpc3-32bit-1.3.4-150300.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-87 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for pesign fixes the following issue: - Create pesign-systemd subpackage to remove systemd dependency (jsc#PED-7256) pesign-0.112-150000.4.18.1.src.rpm pesign-0.112-150000.4.18.1.x86_64.rpm pesign-systemd-0.112-150000.4.18.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4620 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) libhugetlbfs-2.20-150000.3.8.1.src.rpm libhugetlbfs-2.20-150000.3.8.1.x86_64.rpm libhugetlbfs-devel-2.20-150000.3.8.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4514 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for strongswan fixes the following issues: - CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). strongswan-5.9.11-150400.19.17.2.src.rpm strongswan-5.9.11-150400.19.17.2.x86_64.rpm strongswan-doc-5.9.11-150400.19.17.2.noarch.rpm strongswan-hmac-5.9.11-150400.19.17.2.x86_64.rpm strongswan-ipsec-5.9.11-150400.19.17.2.x86_64.rpm strongswan-libs0-5.9.11-150400.19.17.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4517 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). python3-setuptools-44.1.1-150400.9.6.1.noarch.rpm python3-setuptools-44.1.1-150400.9.6.1.src.rpm python3-setuptools-test-44.1.1-150400.9.6.1.noarch.rpm python3-setuptools-test-44.1.1-150400.9.6.1.src.rpm python3-setuptools-wheel-44.1.1-150400.9.6.1.noarch.rpm python3-setuptools-wheel-44.1.1-150400.9.6.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4641 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 545.29.02 Changes in nvidia-open-driver-G06-signed: - Update to 545.29.02 - added fbdev=1 option for nvidia-drm module, which gives us a proper framebuffer console now ... - nosimplefb kernel option no longer needed with usage of nvidia-drm's fbdev=1 option - nvidia's NVreg_OpenRmEnableUnsupportedGpus=1 option no longer needed; GeForce and Workstation GPUs now officially supported - support added for H100/H800 GPUs (Hopper) - no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981) comment#26) - use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981) kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-545.29.02-150400.9.15.1.x86_64.rpm nvidia-open-driver-G06-signed-545.29.02-150400.9.32.1.src.rpm nvidia-open-driver-G06-signed-default-devel-545.29.02-150400.9.32.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150400.24.97-150400.9.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4524 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). libopenssl-1_1-devel-1.1.1l-150400.7.60.2.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150400.7.60.2.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.60.2.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150400.7.60.2.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.60.2.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150400.7.60.2.x86_64.rpm openssl-1_1-1.1.1l-150400.7.60.2.src.rpm openssl-1_1-1.1.1l-150400.7.60.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4500 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231114-150200.35.1.src.rpm ucode-intel-20231114-150200.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4627 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for man-pages ships them to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. man-pages-4.16-150300.13.5.1.noarch.rpm man-pages-4.16-150300.13.5.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4672 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc suse-build-key-12.0-150000.8.37.1.noarch.rpm suse-build-key-12.0-150000.8.37.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4586 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xerces-c fixes the following issues: - CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156). libxerces-c-3_2-3.2.3-150300.3.3.2.x86_64.rpm libxerces-c-devel-3.2.3-150300.3.3.2.x86_64.rpm xerces-c-3.2.3-150300.3.3.2.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4710 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for hplip fixes the following issues: - Fixed insecure /tmp file paths inside hppsfilter booklet printing (bsc#1214399) hplip-3.21.10-150400.3.11.1.src.rpm hplip-devel-3.21.10-150400.3.11.1.x86_64.rpm hplip-hpijs-3.21.10-150400.3.11.1.x86_64.rpm hplip-sane-3.21.10-150400.3.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4575 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796). - CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793). gstreamer-plugins-bad-1.20.1-150400.3.9.1.src.rpm libgstphotography-1_0-0-1.20.1-150400.3.9.1.x86_64.rpm libgstplay-1_0-0-1.20.1-150400.3.9.1.x86_64.rpm libgstplayer-1_0-0-1.20.1-150400.3.9.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4619 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). libsqlite3-0-3.44.0-150000.3.23.1.x86_64.rpm sqlite3-3.44.0-150000.3.23.1.src.rpm sqlite3-3.44.0-150000.3.23.1.x86_64.rpm sqlite3-devel-3.44.0-150000.3.23.1.x86_64.rpm sqlite3-tcl-3.44.0-150000.3.23.1.x86_64.rpm libsqlite3-0-32bit-3.44.0-150000.3.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4577 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803). libpainter0-0.9.13.1-150200.4.27.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.27.1.x86_64.rpm xrdp-0.9.13.1-150200.4.27.1.src.rpm xrdp-0.9.13.1-150200.4.27.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4561 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): - CVE-2023-41983: Processing web content may lead to a denial-of-service. - CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: - CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). - CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). - CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). - CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). - CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). WebKitGTK-4.0-lang-2.42.2-150400.4.64.2.noarch.rpm libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2.x86_64.rpm libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2.x86_64.rpm typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2.x86_64.rpm webkit2gtk3-soup2-2.42.2-150400.4.64.2.src.rpm webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4587 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) vim-9.0.2103-150000.5.57.1.src.rpm vim-9.0.2103-150000.5.57.1.x86_64.rpm vim-data-9.0.2103-150000.5.57.1.noarch.rpm vim-data-common-9.0.2103-150000.5.57.1.noarch.rpm vim-small-9.0.2103-150000.5.57.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4976 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for mariadb-connector-c fixes the following issue: - Update to release 3.1.22: libmariadb3-3.1.22-150000.3.36.1.x86_64.rpm libmariadbprivate-3.1.22-150000.3.36.1.x86_64.rpm mariadb-connector-c-3.1.22-150000.3.36.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4938 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for wireshark fixes the following issues: Update to 3.6.19: - CVE-2023-6175: NetScreen file parser crash (bsc#1217272). libwireshark15-3.6.19-150000.3.106.1.x86_64.rpm libwiretap12-3.6.19-150000.3.106.1.x86_64.rpm libwsutil13-3.6.19-150000.3.106.1.x86_64.rpm wireshark-3.6.19-150000.3.106.1.src.rpm wireshark-3.6.19-150000.3.106.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4699 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) dirmngr-2.2.27-150300.3.8.1.x86_64.rpm gpg2-2.2.27-150300.3.8.1.src.rpm gpg2-2.2.27-150300.3.8.1.x86_64.rpm gpg2-lang-2.2.27-150300.3.8.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4913 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xscreensaver fixes the following issues: - Hide the nagging message about available update (bsc#1206345, bsc#1217318) xscreensaver-6.03-150400.3.9.1.src.rpm xscreensaver-6.03-150400.3.9.1.x86_64.rpm xscreensaver-data-6.03-150400.3.9.1.x86_64.rpm xscreensaver-lang-6.03-150400.3.9.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4970 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. icu73_2-73.2-150000.1.7.1.src.rpm libicu73_2-73.2-150000.1.7.1.x86_64.rpm libicu73_2-devel-73.2-150000.1.7.1.x86_64.rpm libicu73_2-doc-73.2-150000.1.7.1.x86_64.rpm libicu73_2-ledata-73.2-150000.1.7.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4615 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. icu-65.1-150200.4.10.1.src.rpm libicu-devel-65.1-150200.4.10.1.x86_64.rpm libicu-suse65_1-65.1-150200.4.10.1.x86_64.rpm libicu65_1-ledata-65.1-150200.4.10.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4623 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). traceroute-2.0.21-150000.3.3.1.src.rpm traceroute-2.0.21-150000.3.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4681 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for qemu fixes the following issues: - Fix migration issues by disabling transfer of acpi_index (bsc#1216985) - Fix qemu crash on starting dirty log twice with stopped VM (bsc#1214367) - Fix incorrect calls of log_global_start/stop (bsc#1214367) qemu-6.2.0-150400.37.26.1.src.rpm qemu-tools-6.2.0-150400.37.26.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4843 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). python3-cryptography-3.3.2-150400.23.1.src.rpm python3-cryptography-3.3.2-150400.23.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4659 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). curl-8.0.1-150400.5.36.1.src.rpm curl-8.0.1-150400.5.36.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.36.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.36.1.x86_64.rpm libcurl4-8.0.1-150400.5.36.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4950 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libqt5-qtbase fixes the following issues: - CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327). - libq5-qtbase was rebuild against icu 73. jsc#PED-6193 libQt5Concurrent-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Concurrent5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Core-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Core5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5DBus-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5DBus5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Gui-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Gui5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Network-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Network5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5OpenGL-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5OpenGL5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5PrintSupport-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5PrintSupport5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Sql-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Sql5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Sql5-sqlite-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Test-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Test5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Widgets-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm libQt5Widgets5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Xml-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libQt5Xml5-5.15.2+kde294-150400.6.10.1.x86_64.rpm libqt5-qtbase-5.15.2+kde294-150400.6.10.1.src.rpm libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libqt5-qtbase-devel-5.15.2+kde294-150400.6.10.1.x86_64.rpm libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.10.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4664 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. - CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). kernel-firmware-20220509-150400.4.25.1.src.rpm True kernel-firmware-all-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.25.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.25.1.noarch.rpm True ucode-amd-20220509-150400.4.25.1.noarch.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4983 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). gnutls-3.7.3-150400.4.38.1.src.rpm gnutls-3.7.3-150400.4.38.1.x86_64.rpm libgnutls-devel-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-32bit-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-hmac-32bit-3.7.3-150400.4.38.1.x86_64.rpm libgnutlsxx-devel-3.7.3-150400.4.38.1.x86_64.rpm libgnutlsxx28-3.7.3-150400.4.38.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-97 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for Java fixes the following issues: apache-commons-daemon was updated from version 1.3.2 to 1.3.4: - Version 1.3.4: * Procrun: Configured stack size now applies to the main thread when running in JVM mode. Fixes DAEMON-451. * Procrun: If the specified log directory does not exist, attempt to create any missing parent directories, as well as the specified directory, when the service starts. Fixes DAEMON-452. * Procrun: Allow Windows service dependencies to be managed by Procrun or by 'sc config ...'. Fixes DAEMON-458. * jsvc: Fix DaemonController.reload() only working the first time it is called. Fixes DAEMON-459. Thanks to Klaus Malorny. * jsvc: Remove incorrent definition 'supported_os' which defined in psupport.m4 file to fix jsvc build error on riscv64. - Version 1.3.3: * Procrun: ensure all child processes are cleaned up if the service does not stop cleanly. * Procrun: Fix creation of duplicate ACL entries on some Windows platforms. * Updates: - Bump actions/cache from 3.0.8 to 3.0.11. - Bump actions/checkout from 3.0.2 to 3.1.0. - Bump actions/setup-java from 3.5.1 to 3.6.0. - Bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.3.0. aqute-bnd was updated from version 5.2.0 to 6.3.1: - For the full list of changes please consult the following: * https://github.com/bndtools/bnd/wiki/Changes-in-6.3.1 * https://github.com/bndtools/bnd/wiki/Changes-in-6.3.0 * https://github.com/bndtools/bnd/wiki/Changes-in-6.2.0 * https://github.com/bndtools/bnd/wiki/Changes-in-6.1.0 * https://github.com/bndtools/bnd/wiki/Changes-in-6.0.0 * https://github.com/bndtools/bnd/wiki/Changes-in-5.3.0 tomcat-jakartaee-migration: - New package implementation of tomcat-jakartaee-migration at version 1.0.7 libtcnative-1-0 was updated from version 1.2.22 to 1.2.38: - Changes of version 1.2.22 to 1.2.38: * Align default pass phrase prompt with HTTPd. * Fix memory leak in SNI processing. * Update the recommended minimum version of OpenSSL to 1.1.1v. * Update the recommended minimum version of APR to 1.7.4. * Document the TLS rengotiation behaviour. * Add HOWTO-RELEASE.txt that describes the release process. * Refactor library initialization so it is compatible with Tomcat 10.1.x onwards where a number of Java classes have been removed. * Map the OpenSSL 3.x FIPS behaviour to the OpenSSL 1.x API to allow clients to determine if the FIPS provider is being used when Tomcat Native is compiled against OpenSSL 3.x. * Fix crash when attempting to read TLS session ID after a handshake failure. * Enable download_deps.sh to be called from any directory. * Fix release script so it works with the current git layout. * Correct previous fix that enabled building to continue with OpenSSL 3.x. * Remove remaining reference to pkg-config which is no longer included in the Tomcat Native distribution. * Additional changes required to provided support for using OpenSSL Engines that use proprietary key formats. * Correct handling of WINVER in make file to use correct constant for Windows 7. Add constants for Windows 8, Windows 8.1 and Windows 10. Rename WINNT to WIN2k as it is used for Windows 2000 upwards, not Windows NT upwards. * Add a patch for APR that fixes an issue where some Windows systems in some configurations would only listen on IPv6 addresses on dual stack systems even though configured to listen on both IPv6 and IPv4 addresses. * Correct a regression in the fix for 65181 that prevented an error message from being displayed if an invalid key file was provided and no OpenSSL Engine was configured. * Improve support for using OpenSSL Engines that use proprietary key formats. * Enable building to continue against OpenSSL 3.x and 1.1.1. * Incomplete name mangling fix for C++ compilers in tcn_api.h. * Improve OS-specific header include for native thread id. * Disable keylog callback support for LibreSSL. * Add support for SSLContext.addChainCertificateRaw() with LibreSSL 2.9.1 and up. * Add support for HP-UX's _lwp_self() in our ssl_thread_id(void). * Remove default option passed for rpath to linker on HP-UX. * Add an option to allow the OCSP responder check to be bypassed. Note that if OCSP is enabled, a missing responder is now treated as an error. * Fix compilation with LibreSSL. * libtcnative does not compile with OpenSSL < 1.1.0 and APR w/o threading support. * Correct configure message for OpenSSL libdir. * Clean up install target. * configure output for OpenSSL wrong/incomplete sometimes. * Drop obsolete build time workarounds for HP-UX. * Add support for FreeBSD's pthread_getthreadid_np() in our ssl_thread_id(void). * Introduce tcn_get_thread_id(void) to reduce code duplication. * Fix linking against OpenSSL in non-standard locations on FreeBSD. libtcnative-1-0-1.2.38-150100.3.9.2.src.rpm libtcnative-1-0-1.2.38-150100.3.9.2.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4902 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump openssh-8.4p1-150300.3.27.1.src.rpm openssh-8.4p1-150300.3.27.1.x86_64.rpm openssh-clients-8.4p1-150300.3.27.1.x86_64.rpm openssh-common-8.4p1-150300.3.27.1.x86_64.rpm openssh-fips-8.4p1-150300.3.27.1.x86_64.rpm openssh-helpers-8.4p1-150300.3.27.1.x86_64.rpm openssh-server-8.4p1-150300.3.27.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4671 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update of man fixes the following problem: - The "man" commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. groff-1.22.4-150400.5.2.1.src.rpm groff-1.22.4-150400.5.2.1.x86_64.rpm groff-full-1.22.4-150400.5.2.2.src.rpm groff-full-1.22.4-150400.5.2.2.x86_64.rpm gxditview-1.22.4-150400.5.2.2.x86_64.rpm libpipeline-1.4.1-150000.3.2.1.src.rpm libpipeline-devel-1.4.1-150000.3.2.1.x86_64.rpm libpipeline1-1.4.1-150000.3.2.1.x86_64.rpm man-2.7.6-150100.8.5.1.src.rpm man-2.7.6-150100.8.5.1.x86_64.rpm system-group-hardware-20170617-150400.24.2.1.noarch.rpm system-group-kvm-20170617-150400.24.2.1.noarch.rpm system-group-wheel-20170617-150400.24.2.1.noarch.rpm system-user-bin-20170617-150400.24.2.1.noarch.rpm system-user-daemon-20170617-150400.24.2.1.noarch.rpm system-user-games-20170617-150400.24.2.1.noarch.rpm system-user-lp-20170617-150400.24.2.1.noarch.rpm system-user-mail-20170617-150400.24.2.1.noarch.rpm system-user-man-20170617-150400.24.2.1.noarch.rpm system-user-news-20170617-150400.24.2.1.noarch.rpm system-user-nobody-20170617-150400.24.2.1.noarch.rpm system-user-tftp-20170617-150400.24.2.1.noarch.rpm system-user-tss-20170617-150400.24.2.1.noarch.rpm system-user-uucp-20170617-150400.24.2.1.noarch.rpm system-user-wwwrun-20170617-150400.24.2.1.noarch.rpm system-users-20170617-150400.24.2.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-21 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for net-snmp fixes the following issues: Update to net-snmp-5.9.4 (bsc#1214364). - libsnmp: - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not used in the Net-SNMP code base. - DISPLAY-HINT fixes - Miscellanious improvements to the transports - Handle multiple oldEngineID configuration lines - fixes for DNS names longer than 63 characters - agent: - Added a ignoremount configuration option for the HOST-MIB - disallow SETs with a NULL varbind - fix the --enable-minimalist build - apps: - snmpset: allow SET with NULL varbind for testing - snmptrapd: improved MySQL logging code - general: - configure: Remove -Wno-deprecated as it is no longer needed - miscellanious ther bug fixes, build fixes and cleanups - Re-add support for hostname netgroups that was removed accidentally and previously added with FATE#316305 (bsc#1207697). '@hostgroup' can be specified for multiple hosts - Hardening systemd services setting "ProtectHome=true" caused home directory size and allocation to be listed incorrectly (bsc#1206044). libsnmp40-5.9.4-150300.15.11.1.x86_64.rpm net-snmp-5.9.4-150300.15.11.1.src.rpm net-snmp-5.9.4-150300.15.11.1.x86_64.rpm net-snmp-devel-5.9.4-150300.15.11.1.x86_64.rpm perl-SNMP-5.9.4-150300.15.11.1.x86_64.rpm snmp-mibs-5.9.4-150300.15.11.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-50 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 python-cssselect-1.0.3-150000.3.5.1.src.rpm python-lxml-4.7.1-150200.3.12.1.src.rpm python3-cssselect-1.0.3-150000.3.5.1.noarch.rpm python3-lxml-4.7.1-150200.3.12.1.x86_64.rpm python3-lxml-devel-4.7.1-150200.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4901 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). avahi-0.8-150400.7.13.1.src.rpm avahi-0.8-150400.7.13.1.x86_64.rpm avahi-compat-howl-devel-0.8-150400.7.13.1.x86_64.rpm avahi-compat-mDNSResponder-devel-0.8-150400.7.13.1.x86_64.rpm avahi-glib2-0.8-150400.7.13.1.src.rpm avahi-lang-0.8-150400.7.13.1.noarch.rpm avahi-utils-0.8-150400.7.13.1.x86_64.rpm libavahi-client3-0.8-150400.7.13.1.x86_64.rpm libavahi-client3-32bit-0.8-150400.7.13.1.x86_64.rpm libavahi-common3-0.8-150400.7.13.1.x86_64.rpm libavahi-core7-0.8-150400.7.13.1.x86_64.rpm libavahi-devel-0.8-150400.7.13.1.x86_64.rpm libavahi-glib-devel-0.8-150400.7.13.1.x86_64.rpm libavahi-glib1-0.8-150400.7.13.1.x86_64.rpm libavahi-gobject0-0.8-150400.7.13.1.x86_64.rpm libavahi-libevent1-0.8-150400.7.13.1.x86_64.rpm libavahi-ui-gtk3-0-0.8-150400.7.13.1.x86_64.rpm libdns_sd-0.8-150400.7.13.1.x86_64.rpm libhowl0-0.8-150400.7.13.1.x86_64.rpm typelib-1_0-Avahi-0_6-0.8-150400.7.13.1.x86_64.rpm libavahi-common3-32bit-0.8-150400.7.13.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4791 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). - CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766). xorg-x11-server-1.20.3-150400.38.32.1.src.rpm xorg-x11-server-1.20.3-150400.38.32.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.32.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4810 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use C syntax highlight in driver.rst (bsc#1215458). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/vc4: fix typo (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: Spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). kernel-default-5.14.21-150400.24.100.2.nosrc.rpm True kernel-default-5.14.21-150400.24.100.2.x86_64.rpm True kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2.src.rpm True kernel-default-base-5.14.21-150400.24.100.2.150400.24.46.2.x86_64.rpm True kernel-default-devel-5.14.21-150400.24.100.2.x86_64.rpm True kernel-devel-5.14.21-150400.24.100.2.noarch.rpm True kernel-macros-5.14.21-150400.24.100.2.noarch.rpm True kernel-source-5.14.21-150400.24.100.2.src.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2024-17 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gnustep-base fixes the following issues: - Build against ICU 73. gnustep-base-1.25.1-150200.9.3.1.src.rpm libgnustep-base1_25-1.25.1-150200.9.3.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-11 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * "ps -C" does not allow anymore an argument longer than 15 characters (bsc#1158830) libprocps8-3.3.17-150000.7.37.1.x86_64.rpm procps-3.3.17-150000.7.37.1.src.rpm procps-3.3.17-150000.7.37.1.x86_64.rpm procps-devel-3.3.17-150000.7.37.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-201 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ecj fixes the following issues: - Upgradeded ecj to eclipse version 4.23, to be compatible with Java 17 tomcat webapps (jsc#PED-2979) - Use the bundled javax17api.jar stubs, but don't distribute them ecj-4.23-150200.3.9.1.noarch.rpm ecj-4.23-150200.3.9.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4880 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xen fixes the following issues: - Upstream bug fixes (bsc#1027519) xen-4.16.5_10-150400.4.43.1.src.rpm True xen-libs-4.16.5_10-150400.4.43.1.x86_64.rpm True xen-tools-domU-4.16.5_10-150400.4.43.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4722 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for scap-security-guide fixes the following issues: - switch buggy journald plugindir remediation to write into journald.conf (bsc#1217832) scap-security-guide-0.1.70-150000.1.72.1.noarch.rpm scap-security-guide-0.1.70-150000.1.72.1.src.rpm scap-security-guide-debian-0.1.70-150000.1.72.1.noarch.rpm scap-security-guide-redhat-0.1.70-150000.1.72.1.noarch.rpm scap-security-guide-ubuntu-0.1.70-150000.1.72.1.noarch.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-10 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) libpolkit0-0.116-150200.3.12.1.x86_64.rpm polkit-0.116-150200.3.12.1.src.rpm polkit-0.116-150200.3.12.1.x86_64.rpm polkit-devel-0.116-150200.3.12.1.x86_64.rpm typelib-1_0-Polkit-1_0-0.116-150200.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4828 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 (bsc#1217844): - Fix flickering while playing videos with DMA-BUF sink. - Fix color picker being triggered in the inspector when typing "tan". - Do not special case the "sans" font family name. - Fix build failure with libxml2 version 2.12.0 due to an API change. - Fix several crashes and rendering issues. - Security fixes: CVE-2023-42916, CVE-2023-42917. WebKitGTK-4.0-lang-2.42.3-150400.4.67.1.noarch.rpm libjavascriptcoregtk-4_0-18-2.42.3-150400.4.67.1.x86_64.rpm libwebkit2gtk-4_0-37-2.42.3-150400.4.67.1.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.42.3-150400.4.67.1.x86_64.rpm typelib-1_0-WebKit2-4_0-2.42.3-150400.4.67.1.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.42.3-150400.4.67.1.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.42.3-150400.4.67.1.x86_64.rpm webkit2gtk3-soup2-2.42.3-150400.4.67.1.src.rpm webkit2gtk3-soup2-devel-2.42.3-150400.4.67.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4869 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). libtiff-devel-4.0.9-150000.45.35.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.35.1.x86_64.rpm libtiff5-4.0.9-150000.45.35.1.x86_64.rpm tiff-4.0.9-150000.45.35.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-16 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for biosdevname fixes the following issues: Update to version 0.7.3.7.g495ab76 (bsc#1217455): * Add SMBIOS 3.x support * Read DMI entries from /sys/firmware/dmi/tables/DMI * Add buffer read helper using read explicitly * man: fix all_ethN indentation * Netronome biosdevname support (#8) * Prevent infinite recursion in dmidecode.c::smbios_setslot by (#7) * Add support for ExaNIC network cards (#5) biosdevname-0.7.3.7.g495ab76-150000.5.6.1.src.rpm biosdevname-0.7.3.7.g495ab76-150000.5.6.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4823 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xrdp fixes the following issues: - Fix an issue where the login screen did not show any text in some cases (bsc#1217759) libpainter0-0.9.13.1-150200.4.30.1.x86_64.rpm librfxencode0-0.9.13.1-150200.4.30.1.x86_64.rpm xrdp-0.9.13.1-150200.4.30.1.src.rpm xrdp-0.9.13.1-150200.4.30.1.x86_64.rpm xrdp-devel-0.9.13.1-150200.4.30.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4916 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) device-mapper-2.03.05_1.02.163-150400.191.1.x86_64.rpm device-mapper-devel-2.03.05_1.02.163-150400.191.1.x86_64.rpm libdevmapper-event1_03-2.03.05_1.02.163-150400.191.1.x86_64.rpm libdevmapper1_03-2.03.05_1.02.163-150400.191.1.x86_64.rpm liblvm2cmd2_03-2.03.05-150400.191.1.x86_64.rpm lvm2-2.03.05-150400.191.1.src.rpm lvm2-2.03.05-150400.191.1.x86_64.rpm lvm2-devel-2.03.05-150400.191.1.x86_64.rpm lvm2-device-mapper-2.03.05-150400.191.1.src.rpm libdevmapper1_03-32bit-2.03.05_1.02.163-150400.191.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4920 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ghostscript fixes the following issues: - CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable() (bsc#1217871). ghostscript-9.52-150000.177.1.src.rpm ghostscript-9.52-150000.177.1.x86_64.rpm ghostscript-devel-9.52-150000.177.1.x86_64.rpm ghostscript-x11-9.52-150000.177.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-62 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 libcrypt1-4.4.15-150300.4.7.1.x86_64.rpm libxcrypt-4.4.15-150300.4.7.1.src.rpm libxcrypt-devel-4.4.15-150300.4.7.1.x86_64.rpm libcrypt1-32bit-4.4.15-150300.4.7.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4962 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. curl-8.0.1-150400.5.41.1.src.rpm True curl-8.0.1-150400.5.41.1.x86_64.rpm True libcurl-devel-8.0.1-150400.5.41.1.x86_64.rpm True libcurl4-32bit-8.0.1-150400.5.41.1.x86_64.rpm True libcurl4-8.0.1-150400.5.41.1.x86_64.rpm True SUSE-SLE-Module-Basesystem-15-SP4-2023-4891 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) libncurses6-6.1-150000.5.20.1.x86_64.rpm ncurses-6.1-150000.5.20.1.src.rpm ncurses-devel-6.1-150000.5.20.1.x86_64.rpm ncurses-utils-6.1-150000.5.20.1.x86_64.rpm tack-6.1-150000.5.20.1.x86_64.rpm terminfo-6.1-150000.5.20.1.x86_64.rpm terminfo-base-6.1-150000.5.20.1.x86_64.rpm terminfo-iterm-6.1-150000.5.20.1.x86_64.rpm terminfo-screen-6.1-150000.5.20.1.x86_64.rpm libncurses6-32bit-6.1-150000.5.20.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4875 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow (bsc#1217211). gstreamer-plugins-bad-1.20.1-150400.3.12.1.src.rpm libgstphotography-1_0-0-1.20.1-150400.3.12.1.x86_64.rpm libgstplay-1_0-0-1.20.1-150400.3.12.1.x86_64.rpm libgstplayer-1_0-0-1.20.1-150400.3.12.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-70 low SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). tar-1.34-150000.3.34.1.src.rpm tar-1.34-150000.3.34.1.x86_64.rpm tar-lang-1.34-150000.3.34.1.noarch.rpm tar-rmt-1.34-150000.3.34.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2023-4949 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for xorg-x11-server fixes the following issues: - CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765). xorg-x11-server-1.20.3-150400.38.35.1.src.rpm xorg-x11-server-1.20.3-150400.38.35.1.x86_64.rpm xorg-x11-server-extra-1.20.3-150400.38.35.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-5 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213). - CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792). gstreamer-plugins-bad-1.20.1-150400.3.15.1.src.rpm libgstphotography-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm libgstplay-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm libgstplayer-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-6 moderate SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for libssh2_org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). libssh2-1-1.11.0-150000.4.22.1.x86_64.rpm libssh2-devel-1.11.0-150000.4.22.1.x86_64.rpm libssh2_org-1.11.0-150000.4.22.1.src.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-4 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033). - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032). - CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870). - CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1218032, bsc#1215868). WebKitGTK-4.0-lang-2.42.4-150400.4.70.3.noarch.rpm libjavascriptcoregtk-4_0-18-2.42.4-150400.4.70.3.x86_64.rpm libwebkit2gtk-4_0-37-2.42.4-150400.4.70.3.x86_64.rpm typelib-1_0-JavaScriptCore-4_0-2.42.4-150400.4.70.3.x86_64.rpm typelib-1_0-WebKit2-4_0-2.42.4-150400.4.70.3.x86_64.rpm typelib-1_0-WebKit2WebExtension-4_0-2.42.4-150400.4.70.3.x86_64.rpm webkit2gtk-4_0-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm webkit2gtk3-soup2-2.42.4-150400.4.70.3.src.rpm webkit2gtk3-soup2-devel-2.42.4-150400.4.70.3.x86_64.rpm SUSE-SLE-Module-Basesystem-15-SP4-2024-12 important SUSE Updates SLE-Module-Basesystem 15-SP4 x86 64 This update for postfix fixes the following issues: - CVE-2023-51764: Fixed SMTP smuggling attack (bsc#1218304). postfix-3.5.9-150300.5.15.1.src.rpm postfix-3.5.9-150300.5.15.1.x86_64.rpm postfix-devel-3.5.9-150300.5.15.1.x86_64.rpm postfix-doc-3.5.9-150300.5.15.1.noarch.rpm postfix-ldap-3.5.9-150300.5.15.1.x86_64.rpm