openSUSE-Leap-Micro-5.4-2023-1913 Recommended update for libslirp, slirp4netns moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxiliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for 
Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move <sys/un.h> include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix "DHCP broken in libslirp v4.6.0" Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. 
Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental libslirp-4.7.0+44-150300.15.2.src.rpm libslirp0-4.7.0+44-150300.15.2.x86_64.rpm slirp4netns-1.2.0-150300.8.5.2.src.rpm slirp4netns-1.2.0-150300.8.5.2.x86_64.rpm libslirp0-4.7.0+44-150300.15.2.s390x.rpm slirp4netns-1.2.0-150300.8.5.2.s390x.rpm libslirp0-4.7.0+44-150300.15.2.aarch64.rpm slirp4netns-1.2.0-150300.8.5.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-716 Recommended update for rt-tests moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for rt-tests fixes the following issues: Version update from 2.2 to 2.4 (jsc#SLE-23995): - Add aarch64 support for oslat - Add the `--default-system` option in cyclictest This runs cyclictest without attempting any tuning. Power management is not suppressed so cyclictest measures the system as it is configured. This may result in worse realtime behaviour, but is sometimes what you are trying to measure. - Fix parsing of affinity when there is a space - Fixes in cyclicdeadline and deadline_test to prevent double mounting of cgroups - Fixes in cyclictest to address memory access violation issues for verbose with no affinity mask - hwlatdetect: Add option to specify cpumask - Increase the buf size to 2048 when parse cpuinfo - oslat: Print offending cpu number when above threshold - rt-numa: ignore runtime cpumask if '-a CPULIST' is specified - Significant clean-ups and fixes to hwlatdetect - For the complete list of changes you can consult: * 2.4: https://lore.kernel.org/linux-rt-users/20220708150017.13462-1-jkacur@redhat.com/ * 2.3: https://lore.kernel.org/linux-rt-users/20211210184649.11084-1-jkacur@redhat.com/ - Backport runtime fixes from upcoming release: * Fix threads being affined even when '-a' isn't set when using cyclictest * Remove arbitrary num of threads limits * Add error checking to connect and getsockname * Update hwlatdetect to integer division to prevent an error when calculating width, which assumes an integer 
rt-tests-2.4-150400.3.3.1.src.rpm rt-tests-2.4-150400.3.3.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-658 Recommended update for cloud-netconfig moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path cloud-netconfig-azure-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-azure-1.7-150000.25.8.1.src.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.src.rpm cloud-netconfig-gce-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-gce-1.7-150000.25.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-713 Recommended update for suse-build-key moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. 
suse-build-key-12.0-150000.8.31.1.noarch.rpm suse-build-key-12.0-150000.8.31.1.src.rpm openSUSE-Leap-Micro-5.4-2023-622 Recommended update for tcl moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) tcl-8.6.12-150300.14.9.1.src.rpm tcl-8.6.12-150300.14.9.1.x86_64.rpm tcl-8.6.12-150300.14.9.1.s390x.rpm tcl-8.6.12-150300.14.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-756 Recommended update for libappindicator moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libappindicator fixes the following issues: - Provide compatibility symbol required by Slack RPM package (bsc#1207112) libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-12.10.1+bzr20170215-150200.3.3.1.src.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1586 Recommended update for nfs-utils moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add "-S scope" option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) nfs-client-2.1.1-150100.10.32.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.x86_64.rpm nfs-utils-2.1.1-150100.10.32.1.src.rpm nfs-client-2.1.1-150100.10.32.1.s390x.rpm nfs-kernel-server-2.1.1-150100.10.32.1.s390x.rpm nfs-client-2.1.1-150100.10.32.1.aarch64.rpm 
nfs-kernel-server-2.1.1-150100.10.32.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1670 Recommended update for cpupower moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cpupower fixes the following issues: - Replace error with a warning if perf is unavailable (bsc#1202890) cpupower-5.14-150400.3.3.1.src.rpm cpupower-5.14-150400.3.3.1.x86_64.rpm libcpupower0-5.14-150400.3.3.1.x86_64.rpm cpupower-5.14-150400.3.3.1.s390x.rpm libcpupower0-5.14-150400.3.3.1.s390x.rpm cpupower-5.14-150400.3.3.1.aarch64.rpm libcpupower0-5.14-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-714 Recommended update for rpm important SUSE Updates openSUSE-Leap-Micro 5.4 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) python-rpm-4.14.3-150300.55.1.src.rpm python3-rpm-4.14.3-150300.55.1.x86_64.rpm rpm-4.14.3-150300.55.1.src.rpm rpm-4.14.3-150300.55.1.x86_64.rpm rpm-ndb-4.14.3-150300.55.1.src.rpm rpm-ndb-4.14.3-150300.55.1.x86_64.rpm python3-rpm-4.14.3-150300.55.1.s390x.rpm rpm-4.14.3-150300.55.1.s390x.rpm rpm-ndb-4.14.3-150300.55.1.s390x.rpm python3-rpm-4.14.3-150300.55.1.aarch64.rpm rpm-4.14.3-150300.55.1.aarch64.rpm rpm-ndb-4.14.3-150300.55.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1668 Recommended update for firewalld moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for firewalld fixes the following issues: - Fix `firewall-offline-cmd` command failing with error (bsc#1206928) firewalld-0.9.3-150400.8.9.1.noarch.rpm firewalld-0.9.3-150400.8.9.1.src.rpm python3-firewall-0.9.3-150400.8.9.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-795 Security update for docker moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. 
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-20.10.23_ce-150000.175.1.src.rpm docker-20.10.23_ce-150000.175.1.x86_64.rpm docker-20.10.23_ce-150000.175.1.s390x.rpm docker-20.10.23_ce-150000.175.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1581 Security update for ceph important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on multiple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). 
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). ceph-16.2.11.58+g38d6afd3b78-150400.3.6.1.src.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-875 Recommended update for sg3_utils moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for sg3_utils fixes the following issues: - Speed large multipath scans (bsc#1207706) libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.src.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.s390x.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.s390x.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1636 Recommended update for suse-module-tools moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) suse-module-tools-15.4.16-150400.3.8.1.src.rpm suse-module-tools-15.4.16-150400.3.8.1.x86_64.rpm 
suse-module-tools-15.4.16-150400.3.8.1.s390x.rpm suse-module-tools-15.4.16-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-807 Recommended update for salt moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for salt fixes the following issues: - Fix problem with detecting PTF packages (bsc#1208691) - Fix pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages python3-salt-3004-150400.8.25.1.x86_64.rpm True salt-3004-150400.8.25.1.src.rpm True salt-3004-150400.8.25.1.x86_64.rpm True salt-minion-3004-150400.8.25.1.x86_64.rpm True salt-transactional-update-3004-150400.8.25.1.x86_64.rpm True python3-salt-3004-150400.8.25.1.s390x.rpm True salt-3004-150400.8.25.1.s390x.rpm True salt-minion-3004-150400.8.25.1.s390x.rpm True salt-transactional-update-3004-150400.8.25.1.s390x.rpm True python3-salt-3004-150400.8.25.1.aarch64.rpm True salt-3004-150400.8.25.1.aarch64.rpm True salt-minion-3004-150400.8.25.1.aarch64.rpm True salt-transactional-update-3004-150400.8.25.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-1686 Security update for libmicrohttpd moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). 
libmicrohttpd-0.9.57-150000.3.3.1.src.rpm libmicrohttpd12-0.9.57-150000.3.3.1.x86_64.rpm libmicrohttpd12-0.9.57-150000.3.3.1.s390x.rpm libmicrohttpd12-0.9.57-150000.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1718 Security update for glibc moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) glibc-2.31-150300.46.1.src.rpm glibc-2.31-150300.46.1.x86_64.rpm glibc-devel-2.31-150300.46.1.x86_64.rpm glibc-locale-2.31-150300.46.1.x86_64.rpm glibc-locale-base-2.31-150300.46.1.x86_64.rpm glibc-2.31-150300.46.1.s390x.rpm glibc-devel-2.31-150300.46.1.s390x.rpm glibc-locale-2.31-150300.46.1.s390x.rpm glibc-locale-base-2.31-150300.46.1.s390x.rpm glibc-2.31-150300.46.1.aarch64.rpm glibc-devel-2.31-150300.46.1.aarch64.rpm glibc-locale-2.31-150300.46.1.aarch64.rpm glibc-locale-base-2.31-150300.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-668 Security update for libX11 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) libX11-1.6.5-150000.3.27.1.src.rpm libX11-6-1.6.5-150000.3.27.1.x86_64.rpm libX11-data-1.6.5-150000.3.27.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.27.1.x86_64.rpm libX11-6-1.6.5-150000.3.27.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.27.1.s390x.rpm libX11-6-1.6.5-150000.3.27.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.27.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-868 Security update for python3 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via 
the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). libpython3_6m1_0-3.6.15-150300.10.45.1.x86_64.rpm python3-3.6.15-150300.10.45.1.src.rpm python3-3.6.15-150300.10.45.1.x86_64.rpm python3-base-3.6.15-150300.10.45.1.x86_64.rpm python3-core-3.6.15-150300.10.45.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.s390x.rpm python3-3.6.15-150300.10.45.1.s390x.rpm python3-base-3.6.15-150300.10.45.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.aarch64.rpm python3-3.6.15-150300.10.45.1.aarch64.rpm python3-base-3.6.15-150300.10.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1298 Recommended update for ndctl important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ndctl fixes the following issues: - Fix parsing of environment variable NDCTL_TIMEOUT (bsc#1208548) libndctl6-71.1-150400.10.3.1.x86_64.rpm ndctl-71.1-150400.10.3.1.src.rpm openSUSE-Leap-Micro-5.4-2023-781 Security update for vim important SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. 
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 vim-9.0.1386-150000.5.37.1.src.rpm vim-data-common-9.0.1386-150000.5.37.1.noarch.rpm vim-small-9.0.1386-150000.5.37.1.x86_64.rpm vim-small-9.0.1386-150000.5.37.1.s390x.rpm vim-small-9.0.1386-150000.5.37.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-743 Recommended update for gnutls moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. gnutls-3.7.3-150400.4.35.1.src.rpm gnutls-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.x86_64.rpm gnutls-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.s390x.rpm gnutls-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-782 Recommended update for libgcrypt moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] libgcrypt-1.9.4-150400.6.8.1.src.rpm libgcrypt20-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-1.9.4-150400.6.8.1.aarch64.rpm 
libgcrypt20-hmac-1.9.4-150400.6.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-879 Security update for qemu moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for qemu fixes the following issues: - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). qemu-6.2.0-150400.37.14.2.src.rpm qemu-6.2.0-150400.37.14.2.x86_64.rpm qemu-accel-tcg-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.x86_64.rpm qemu-ipxe-1.0.0+-150400.37.14.2.noarch.rpm qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-sgabios-8-150400.37.14.2.noarch.rpm qemu-tools-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.x86_64.rpm qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-6.2.0-150400.37.14.2.s390x.rpm qemu-audio-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-guest-agent-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.s390x.rpm qemu-s390x-6.2.0-150400.37.14.2.s390x.rpm qemu-tools-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.s390x.rpm qemu-6.2.0-150400.37.14.2.aarch64.rpm qemu-arm-6.2.0-150400.37.14.2.aarch64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.aarch64.rpm 
qemu-chardev-spice-6.2.0-150400.37.14.2.aarch64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.aarch64.rpm qemu-tools-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-848 Security update for xen important SUSE Updates openSUSE-Leap-Micro 5.4 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). xen-4.16.3_06-150400.4.25.1.src.rpm True xen-libs-4.16.3_06-150400.4.25.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-1796 Security update for conmon moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. 
conmon-2.1.5-150400.3.6.1.src.rpm conmon-2.1.5-150400.3.6.1.x86_64.rpm conmon-2.1.5-150400.3.6.1.s390x.rpm conmon-2.1.5-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2039 Recommended update for lshw moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20230320 (bsc#1209531) lshw-B.02.19.2+git.20230320-150200.3.15.4.src.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.x86_64.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.s390x.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2060 Security update for glib2 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). glib2-2.70.5-150400.3.8.1.src.rpm glib2-tools-2.70.5-150400.3.8.1.x86_64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm glib2-tools-2.70.5-150400.3.8.1.s390x.rpm libgio-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libglib-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.s390x.rpm glib2-tools-2.70.5-150400.3.8.1.aarch64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1897 Security update for the Linux Kernel important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). 
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). 
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). 
- cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). 
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). 
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). 
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). 
- platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). 
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). 
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). 
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). 
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). 
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). 
- USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).

kernel-default-5.14.21-150400.24.60.1.nosrc.rpm True
kernel-default-5.14.21-150400.24.60.1.x86_64.rpm True
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.src.rpm True
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.x86_64.rpm True
kernel-default-5.14.21-150400.24.60.1.s390x.rpm True
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.s390x.rpm True
kernel-default-5.14.21-150400.24.60.1.aarch64.rpm True
kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.aarch64.rpm True

openSUSE-Leap-Micro-5.4-2023-1992 Security update for the Linux Kernel important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed: - CVE-2017-5753: Fixed Spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed Spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-1281: Fixed use-after-free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem (bsc#1210203). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). 
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). 
- SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). 
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). 
- cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). 
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). 
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). 
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). 
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). 
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). 
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). 
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). 
- smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). 
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). 
kernel-rt-5.14.21-150400.15.23.1.nosrc.rpm kernel-rt-5.14.21-150400.15.23.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-1994 Security update for avahi moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). avahi-0.8-150400.7.3.1.src.rpm avahi-0.8-150400.7.3.1.x86_64.rpm libavahi-client3-0.8-150400.7.3.1.x86_64.rpm libavahi-common3-0.8-150400.7.3.1.x86_64.rpm libavahi-core7-0.8-150400.7.3.1.x86_64.rpm avahi-0.8-150400.7.3.1.s390x.rpm libavahi-client3-0.8-150400.7.3.1.s390x.rpm libavahi-common3-0.8-150400.7.3.1.s390x.rpm libavahi-core7-0.8-150400.7.3.1.s390x.rpm avahi-0.8-150400.7.3.1.aarch64.rpm libavahi-client3-0.8-150400.7.3.1.aarch64.rpm libavahi-common3-0.8-150400.7.3.1.aarch64.rpm libavahi-core7-0.8-150400.7.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2084 Security update for shim important SUSE Updates openSUSE-Leap-Micro 5.4 This update for shim fixes the following issues: - CVE-2022-28737 was previously missing as a reference. - Upgrade shim-install for bsc#1210382: After the Leap-gap project was closed, since Leap 15.3, openSUSE Leap uses shim directly from SLE, so the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. This resulted in update_boot=no, so the files in /boot/efi/EFI/boot were not updated. Logic was added that uses the ID field in os-release to detect a Leap distribution and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1', so that /boot/efi/EFI/boot/* is also updated.
shim-15.7-150300.4.16.1.src.rpm shim-15.7-150300.4.16.1.x86_64.rpm shim-15.7-150300.4.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2046 Security update for openssl-ibmca moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-ibmca fixes the following issues: Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058) - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359) openssl-ibmca-2.4.0-150400.4.8.1.s390x.rpm openssl-ibmca-2.4.0-150400.4.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-1947 Security update for dmidecode moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). dmidecode-3.4-150400.16.8.1.src.rpm dmidecode-3.4-150400.16.8.1.x86_64.rpm dmidecode-3.4-150400.16.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1939 Recommended update for mozilla-nss moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. 
(bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) libfreebl3-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-3.79.4-150400.3.29.1.src.rpm mozilla-nss-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-3.79.4-150400.3.29.1.aarch64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1967 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container important SUSE Updates openSUSE-Leap-Micro 5.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - CVE-2023-26484: Limit operator secrets permission. 
(bsc#1209359) kubevirt is also rebuilt with a supported Go compiler (bsc#1208916) kubevirt-0.54.0-150400.3.13.1.src.rpm kubevirt-manifests-0.54.0-150400.3.13.1.x86_64.rpm kubevirt-virtctl-0.54.0-150400.3.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-1966 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - build the containerized-data-importer with a supported golang compiler (bsc#1208916) containerized-data-importer-1.51.0-150400.4.13.1.src.rpm containerized-data-importer-manifests-1.51.0-150400.4.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2053 Security update for libxml2 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918).
libxml2-2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2.9.14-150400.5.16.1.src.rpm libxml2-python-2.9.14-150400.5.16.1.src.rpm libxml2-tools-2.9.14-150400.5.16.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2-2.9.14-150400.5.16.1.s390x.rpm libxml2-tools-2.9.14-150400.5.16.1.s390x.rpm python3-libxml2-2.9.14-150400.5.16.1.s390x.rpm libxml2-2-2.9.14-150400.5.16.1.aarch64.rpm libxml2-tools-2.9.14-150400.5.16.1.aarch64.rpm python3-libxml2-2.9.14-150400.5.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2051 Security update for libtpms important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). libtpms-0.8.2-150300.3.9.1.src.rpm libtpms0-0.8.2-150300.3.9.1.x86_64.rpm libtpms0-0.8.2-150300.3.9.1.s390x.rpm libtpms0-0.8.2-150300.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2103 Security update for vim moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, which fixes the following security problems: - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
vim-9.0.1443-150000.5.40.1.src.rpm vim-data-common-9.0.1443-150000.5.40.1.noarch.rpm vim-small-9.0.1443-150000.5.40.1.x86_64.rpm xxd-9.0.1443-150000.5.40.1.x86_64.rpm vim-small-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.ppc64le.rpm vim-small-9.0.1443-150000.5.40.1.aarch64.rpm xxd-9.0.1443-150000.5.40.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2111 Security update for ncurses moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). libncurses6-6.1-150000.5.15.1.x86_64.rpm ncurses-6.1-150000.5.15.1.src.rpm ncurses-utils-6.1-150000.5.15.1.x86_64.rpm terminfo-6.1-150000.5.15.1.x86_64.rpm terminfo-base-6.1-150000.5.15.1.x86_64.rpm libncurses6-6.1-150000.5.15.1.s390x.rpm ncurses-utils-6.1-150000.5.15.1.s390x.rpm terminfo-6.1-150000.5.15.1.s390x.rpm terminfo-base-6.1-150000.5.15.1.s390x.rpm libncurses6-6.1-150000.5.15.1.aarch64.rpm ncurses-utils-6.1-150000.5.15.1.aarch64.rpm terminfo-6.1-150000.5.15.1.aarch64.rpm terminfo-base-6.1-150000.5.15.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2104 Recommended update for procps moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on sysctl entries (bsc#1209122) libprocps7-3.3.15-150000.7.31.1.x86_64.rpm procps-3.3.15-150000.7.31.1.src.rpm procps-3.3.15-150000.7.31.1.x86_64.rpm libprocps7-3.3.15-150000.7.31.1.s390x.rpm procps-3.3.15-150000.7.31.1.s390x.rpm libprocps7-3.3.15-150000.7.31.1.aarch64.rpm procps-3.3.15-150000.7.31.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2118 Feature update for haproxy moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for haproxy fixes the following issues: Update to version 2.4.22.
(jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MINOR: ssl/crt-list: warn when a line is malformated * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section * BUG/MINOR: sink: free the forwarding task on exit * BUILD: hpack: include global.h for the trash that is needed in debug mode * BUG/MINOR: mux-h2: add missing traces on failed headers decoding * BUG/MINOR: listener: close tiny race between resume_listener() and stopping * DOC: config: fix "Address formats" chapter syntax * BUG/MINOR: mux-fcgi: Correctly set pathinfo * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" * DOC: config: fix wrong section number for "protocol prefixes" * BUG/MINOR: listeners: fix suspend/resume of inherited FDs * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses * CLEANUP: htx: fix a typo in an error message of http_str_to_htx * BUG/MINOR: http: Memory leak of http redirect rules' format string * REGTEST: fix the race conditions in hmac.vtc * REGTEST: fix the race conditions in digest.vtc 
* REGTEST: fix the race conditions in json_query.vtc * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * REGTESTS: startup: check maxconn computation * REGTESTS: fix the race conditions in iff.vtc * BUG/MAJOR: fcgi: Fix uninitialized reserved bytes * DOC: promex: Add missing backend metrics * MINOR: promex: introduce haproxy_backend_agg_check_status * BUG/MINOR: promex: create haproxy_backend_agg_server_status * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure * BUILD: peers: peers-t.h depends on stick-table-t.h * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * BUG/MEDIUM: stconn: Flush output data before forwarding close to write side * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * [RELEASE] Released version 2.4.20 * Revert "CI: determine actual OpenSSL version dynamically" * Revert "CI: switch to the "latest" LibreSSL" * SCRIPTS: announce-release: add a link to the data plane API * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: mention that a single monitor-uri rule is supported * DOC: config: 
clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" * BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out * BUILD: http-htx: Silent build error about a possible NULL start-line * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * BUG/MINOR: log: fix parse_log_message rfc5424 size check * BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unknown tables not correctly ignored * BUG/MINOR: ssl: don't initialize the keylog callback when not required * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes * BUG/MEDIUM: ring: fix creation of server in uninitialized ring * DOC: config: fix alphabetical ordering of global section * REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses * BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers * BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once * BUG/MINOR: mux-fcgi: Be sure to send empty STDIN record in case of zero-copy * BUG/MINOR: resolvers: Set port before IP address when processing SRV records * BUG/MINOR: http-htx: Fix error handling during parsing http replies * BUG/MEDIUM: wdt/clock: properly handle early task hangs * CI: emit the compiler's version in the build reports * CI: switch to the "latest" LibreSSL * BUG/MINOR: ssl: ocsp structure not freed properly in case of error * BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct 
when loading issuer * CI: add monthly gcc cross compile jobs * BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() * CI: SSL: temporarily stick to LibreSSL=3.5.3 * CI: SSL: use proper version generating when "latest" semantic is used * BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers * BUG/MINOR: sink: Only use backend capability for the sink proxies * BUG/MEDIUM: compression: handle rewrite errors when updating response headers * BUG/MINOR: ring: Properly parse connect timeout * BUG/MINOR: log: Preserve message facility when the log target is a ring buffer * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MINOR: server: make sure "show servers state" hides private bits * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUG/MINOR: backend: only enforce turn-around state when not redispatching * BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction * MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands * BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error * BUILD: http_fetch: silence an uninitialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUILD: h1: silence an initialized warning with gcc-4.7 and -Os * BUG/MEDIUM: lua: handle stick table implicit arguments right. 
* BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure * DOC: config: Fix pgsql-check documentation to make user param mandatory * BUG/MINOR: checks: update pgsql regex on auth packet * [RELEASE] Released version 2.4.19 * BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree * REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUILD: fd: fix a build warning on the DWCAS * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * DOC: fix TOC in starter guide for subsection 3.3.8. Statistics * REGTESTS: ssl/log: test the log-forward with SSL * BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. * REGTESTS: log: test the log-forward feature * REGTESTS: healthcheckmail: Relax matching on the healthcheck log message * BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' * MINOR: listener: small API change * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * CI: cirrus-ci: bump FreeBSD image to 13-1 * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: task: always reset a new tasklet's call date * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * BUILD: makefile: enable crypt(3) for NetBSD * BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support * BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber * BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input * BUG/MINOR: tcpcheck: Disable QUICKACK for 
default tcp-check (with no rule) * BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeout to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * REGTESTS: Fix prometheus script to perform HTTP health-checks * BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MAJOR: mworker: fix infinite loop on master with no proxies. * BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: ring: fix too lax 'size' parser * BUILD: debug: silence warning on gcc-5 * BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() * BUG/MEDIUM: poller: use fd_delete() to release the poller pipes * BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h * BUG/MINOR: sink: fix a race condition between the writer and the reader * BUG/MINOR: ring/cli: fix a race condition between the writer and the reader * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MEDIUM: dns: Properly initialize new DNS session * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * 
BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions * MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups * MINOR: http-htx: Use new HTTP functions for the scheme based normalization * BUG/MEDIUM: h1: Improve authority validation for CONNECT request * MINOR: http: Add function to detect default port * MINOR: http: Add function to get port part of a host * BUG/MEDIUM: mworker: use default maxconn in wait mode * [RELEASE] Released version 2.4.18 * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUILD: add detection for unsupported compiler models * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload * REGTESTS: Fix some scripts to be compatible with 2.4 and prior * BUG/MINOR: tools: fix statistical_prng_range()'s output range * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX * BUG/MEDIUM: tools: avoid calling dlsym() in static builds * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer * REGTESTS: filters: Fix CONNECT request in random-forwarding script * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream * BUG/MINOR: http-htx: Fix scheme based normalization for URIs with userinfo * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule * BUG/MINOR: peers/config: always fill the bind_conf's argument * MINOR: fd: Add BUG_ON checks on fd_insert() * CI: re-enable gcc asan builds * BUILD: Makefile: Add Lua 5.4 autodetect 
* BUG/MEDIUM: ssl/fd: unexpected fd close using async engine * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: ssl: Do not look for key in extra files if already in pem * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration * BUG/MINOR: cli/stats: add missing trailing LF after "show info json" * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs * REGTESTS: healthcheckmail: Relax health-check failure condition * REGTESTS: healthcheckmail: Update the test to be functional again * BUG/MINOR: checks: Properly handle email alerts in trace messages * BUG/MINOR: trace: Test server existence for health-checks to get proxy * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: restrict_req_hdr_names: Extend supported versions * REGTESTS: http_abortonclose: Extend supported versions * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being 
modified * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails * DOC: intro: adjust the numbering of paragraphs to keep the output ordered * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent uninitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str * CI: determine actual OpenSSL version dynamically * BUILD/MINOR: cpuset fix build for FreeBSD 13.1 * BUG/MINOR: peers: fix error reporting of "bind" lines * BUG/MINOR: cfgparse: abort earlier in case of allocation error * BUG/MINOR: check: Reinit the buffer wait list at the end of a check * BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() * REGTESTS: abortonclose: Fix some race conditions * BUG/MINOR: ssl: Fix crash when no private key is found in pem * MINOR: tools: add get_exec_path implementation for solaris based systems. * BUILD: fix build warning on solaris based systems with __maybe_unused. 
* MEDIUM: http-ana: Add a proxy option to restrict chars in request header names * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.4.17 * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is uninitialized * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * [RELEASE] Released version 2.4.16 * BUILD: opentracing: Fix OT build due to misuse of var_clear() * BUILD: proto_uxst: do not set unused flag * BUILD: sockpair: do not set unused flag * BUILD: fd: remove unused variable totlen in 
fd_write_frag_line() * CLEANUP: acl: Remove unused variable when releasing an acl expression * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUILD: compiler: properly distinguish weak and global symbols * REGTESTS: fix the race conditions in be2dec.vtc and field.vtc * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks * MINOR: task: add a new task_instant_wakeup() function * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments * DOC: remove my name from the config doc * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added * BUG/MEDIUM: stream: do not abort connection setup too early * BUILD: compiler: use a more portable set of asm(".weak") statements * BUILD: sched: workaround crazy and dangerous warning in Clang 14 * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: cirrus: switch to FreeBSD-13.0 * CI: Update to actions/cache@v3 * CI: Update to actions/checkout@v3 * DEBUG: opentracing: show return values of all functions in the debug output * CLEANUP: opentracing: added variable to store variable length * CLEANUP: opentracing: added flt_ot_smp_init() function * CLEANUP: 
opentracing: removed unused function flt_ot_var_get() * CLEANUP: opentracing: removed unused function flt_ot_var_unset() * DOC: opentracing: corrected comments in function descriptions * EXAMPLES: opentracing: refined shell scripts for testing filter performance * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests * CI: github actions: update OpenSSL to 3.0.2 * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads * BUG/MINOR: samples: add missing context names for sample fetch functions * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing * BUG/MINOR: tools: url2sa reads too far when no port nor path * DOC: config: Explicitly add supported MQTT versions * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUG/MINOR: server/ssl: free the SNI sample 
expression * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.4.15 * BUILD: tree-wide: mark a few numeric constants as explicitly long long * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * DEBUG: stream: Fix stream trace message to print response buffer state * DEBUG: stream: Add the missing descriptions for stream trace events * BUG/MEDIUM: mcli: Properly handle errors and timeouts during response processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MINOR: add missing modes in proxy_mode_str() * BUILD: pools: fix backport of no-memory-trimming on non-linux OS * MINOR: pools: add a new global option "no-memory-trimming" * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed * BUG/MINOR: pool: always align pool_heads to 64 bytes * REGTESTS: fix the race conditions in secure_memcmp.vtc * REGTESTS: fix the race conditions in normalize_uri.vtc * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() * CI: github actions: use cache for SSL libs * CI: github actions: use cache for OpenTracing * CI: github actions: add OpenTracing builds * CI: github actions: add the output of $CC -dM -E- * [RELEASE] Released version 2.4.14 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 
40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: github actions: update OpenSSL to 3.0.1 * CI: github: switch to OpenSSL 3.0.0 * CI: github actions: relax OpenSSL-3.0.0 version comparison * CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 * CI: github actions: add OpenSSL-3.0.0 builds * BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * [RELEASE] Released version 2.4.13 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an 
rwlock * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error * [RELEASE] Released version 2.4.12 * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * [RELEASE] Released version 2.4.11 * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * BUILD/MINOR: cpuset FreeBSD 14 build fix. 
* BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: proxy: add option idle-close-on-response * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * [RELEASE] Released version 2.4.10 * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * MINOR: pools: work around possibly slow malloc_trim() during gc * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * CI: Github Actions: temporarily disable BoringSSL builds * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MAJOR: segfault using multiple 
log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUILD/MINOR: server: fix compilation without SSL * [RELEASE] Released version 2.4.9 * BUG/MINOR: cache: Fix loop on cache entries in "show cache" * MINOR: promex: backend aggregated server check status * MINOR: server: add ws keyword * MEDIUM: server/backend: implement websocket protocol selection * MINOR: connection: add alternative mux_ops param for conn_install_mux_be * MINOR: connection: implement function to update ALPN * MINOR: stream/mux: implement websocket stream flag * BUG/MINOR: ssl: make SSL counters atomic * MINOR: shctx: add a few BUG_ON() for consistency checks * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: cache/cli: make "show cache" thread-safe * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * CLEANUP: ssl: fix wrong #else commentary * BUG/MINOR: ssl: free correctly the sni in the backend SSL cache * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * BUILD: makefile: simplify detection of libatomic * BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * MINOR: mux-h1: Slightly Improve H1 traces * DOC: lua: Be explicit with the Reply object limits * Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" * BUG/MINOR: http-ana: Apply stop to 
the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MINOR: cache: properly ignore unparsable max-age in quotes * BUG/MINOR: resolvers: throw log message if trash not large enough for query * BUG/MINOR: resolvers: fix sent messages were counted twice * BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support * MINOR: mux-h2: add trace on extended connect usage * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close
haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.src.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.x86_64.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.s390x.rpm
haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.aarch64.rpm