openSUSE-Leap-Micro-5.4-2023-1913 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move <sys/un.h> include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix "DHCP broken in libslirp v4.6.0" Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental libslirp-4.7.0+44-150300.15.2.src.rpm libslirp0-4.7.0+44-150300.15.2.x86_64.rpm slirp4netns-1.2.0-150300.8.5.2.src.rpm slirp4netns-1.2.0-150300.8.5.2.x86_64.rpm libslirp0-4.7.0+44-150300.15.2.s390x.rpm slirp4netns-1.2.0-150300.8.5.2.s390x.rpm libslirp0-4.7.0+44-150300.15.2.aarch64.rpm slirp4netns-1.2.0-150300.8.5.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-716 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for rt-tests fixes the following issues: Version update from 2.2 to 2.4 (jsc#SLE-23995): - Add aarch64 support for oslat - Add the `--default-system` option in cyclictest This runs cyclictest without attempting any tuning. Power management is not suppressed so cyclictest measures the system as it is configured. This may result in worse realtime behaviour, but is sometimes what you are trying to measure. - Fix parsing of affinity when there is a space - Fixes in cyclicdeadline and deadline_test to prevent double mounting of cgroups - Fixes in cyclictest to address memory access violation issues for verbose with no affinity mask - hwlatdetect: Add option to specify cpumask - Increase the buf size to 2048 when parse cpuinfo - oslat: Print offending cpu number when above threshold - rt-numa: ignore runtime cpumask if '-a CPULIST' is specified - Significant clean-ups and fixes to hwlatdetect - For the complete list of changes you can consult: * 2.4: https://lore.kernel.org/linux-rt-users/20220708150017.13462-1-jkacur@redhat.com/ * 2.3: https://lore.kernel.org/linux-rt-users/20211210184649.11084-1-jkacur@redhat.com/ - Backport runtime fixes from upcomming release: * Fix threads being affined even when '-a' isn't set when using cyclictest * Remove arbitrary num of threads limits * Add error checking to connect and getsockname * Update hwlatdetect to integer division to prevent an error when calculating width, which assumes an integer rt-tests-2.4-150400.3.3.1.src.rpm rt-tests-2.4-150400.3.3.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-658 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path cloud-netconfig-azure-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-azure-1.7-150000.25.8.1.src.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.src.rpm cloud-netconfig-gce-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-gce-1.7-150000.25.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-713 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. suse-build-key-12.0-150000.8.31.1.noarch.rpm suse-build-key-12.0-150000.8.31.1.src.rpm openSUSE-Leap-Micro-5.4-2023-622 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) tcl-8.6.12-150300.14.9.1.src.rpm tcl-8.6.12-150300.14.9.1.x86_64.rpm tcl-8.6.12-150300.14.9.1.s390x.rpm tcl-8.6.12-150300.14.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-756 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libappindicator fixes the following issues: - Provide compatibility symbol required by Slack RPM package (bsc#1207112) libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-12.10.1+bzr20170215-150200.3.3.1.src.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1586 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add "-S scope" option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) nfs-client-2.1.1-150100.10.32.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.x86_64.rpm nfs-utils-2.1.1-150100.10.32.1.src.rpm nfs-client-2.1.1-150100.10.32.1.s390x.rpm nfs-kernel-server-2.1.1-150100.10.32.1.s390x.rpm nfs-client-2.1.1-150100.10.32.1.aarch64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1670 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cpupower fixes the following issues: - Replace error with a warning if perf is unavailable (bsc#1202890) cpupower-5.14-150400.3.3.1.src.rpm cpupower-5.14-150400.3.3.1.x86_64.rpm libcpupower0-5.14-150400.3.3.1.x86_64.rpm cpupower-5.14-150400.3.3.1.s390x.rpm libcpupower0-5.14-150400.3.3.1.s390x.rpm cpupower-5.14-150400.3.3.1.aarch64.rpm libcpupower0-5.14-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-714 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) python-rpm-4.14.3-150300.55.1.src.rpm python3-rpm-4.14.3-150300.55.1.x86_64.rpm rpm-4.14.3-150300.55.1.src.rpm rpm-4.14.3-150300.55.1.x86_64.rpm rpm-ndb-4.14.3-150300.55.1.src.rpm rpm-ndb-4.14.3-150300.55.1.x86_64.rpm python3-rpm-4.14.3-150300.55.1.s390x.rpm rpm-4.14.3-150300.55.1.s390x.rpm rpm-ndb-4.14.3-150300.55.1.s390x.rpm python3-rpm-4.14.3-150300.55.1.aarch64.rpm rpm-4.14.3-150300.55.1.aarch64.rpm rpm-ndb-4.14.3-150300.55.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1668 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for firewalld fixes the following issues: - Fix `firewall-offline-cmd` command failing with error (bsc#1206928) firewalld-0.9.3-150400.8.9.1.noarch.rpm firewalld-0.9.3-150400.8.9.1.src.rpm python3-firewall-0.9.3-150400.8.9.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-795 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-20.10.23_ce-150000.175.1.src.rpm docker-20.10.23_ce-150000.175.1.x86_64.rpm docker-20.10.23_ce-150000.175.1.s390x.rpm docker-20.10.23_ce-150000.175.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1581 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). ceph-16.2.11.58+g38d6afd3b78-150400.3.6.1.src.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-875 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for sg3_utils fixes the following issues: - Speed large multipath scans (bsc#1207706) libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.src.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.s390x.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.s390x.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1636 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) suse-module-tools-15.4.16-150400.3.8.1.src.rpm suse-module-tools-15.4.16-150400.3.8.1.x86_64.rpm suse-module-tools-15.4.16-150400.3.8.1.s390x.rpm suse-module-tools-15.4.16-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-807 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for salt fixes the following issues: - Fix problem with detecting PTF packages (bsc#1208691) - Fix pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages python3-salt-3004-150400.8.25.1.x86_64.rpm True salt-3004-150400.8.25.1.src.rpm True salt-3004-150400.8.25.1.x86_64.rpm True salt-minion-3004-150400.8.25.1.x86_64.rpm True salt-transactional-update-3004-150400.8.25.1.x86_64.rpm True python3-salt-3004-150400.8.25.1.s390x.rpm True salt-3004-150400.8.25.1.s390x.rpm True salt-minion-3004-150400.8.25.1.s390x.rpm True salt-transactional-update-3004-150400.8.25.1.s390x.rpm True python3-salt-3004-150400.8.25.1.aarch64.rpm True salt-3004-150400.8.25.1.aarch64.rpm True salt-minion-3004-150400.8.25.1.aarch64.rpm True salt-transactional-update-3004-150400.8.25.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-1686 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). libmicrohttpd-0.9.57-150000.3.3.1.src.rpm libmicrohttpd12-0.9.57-150000.3.3.1.x86_64.rpm libmicrohttpd12-0.9.57-150000.3.3.1.s390x.rpm libmicrohttpd12-0.9.57-150000.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1718 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) glibc-2.31-150300.46.1.src.rpm glibc-2.31-150300.46.1.x86_64.rpm glibc-devel-2.31-150300.46.1.x86_64.rpm glibc-locale-2.31-150300.46.1.x86_64.rpm glibc-locale-base-2.31-150300.46.1.x86_64.rpm glibc-2.31-150300.46.1.s390x.rpm glibc-devel-2.31-150300.46.1.s390x.rpm glibc-locale-2.31-150300.46.1.s390x.rpm glibc-locale-base-2.31-150300.46.1.s390x.rpm glibc-2.31-150300.46.1.aarch64.rpm glibc-devel-2.31-150300.46.1.aarch64.rpm glibc-locale-2.31-150300.46.1.aarch64.rpm glibc-locale-base-2.31-150300.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-668 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) libX11-1.6.5-150000.3.27.1.src.rpm libX11-6-1.6.5-150000.3.27.1.x86_64.rpm libX11-data-1.6.5-150000.3.27.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.27.1.x86_64.rpm libX11-6-1.6.5-150000.3.27.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.27.1.s390x.rpm libX11-6-1.6.5-150000.3.27.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.27.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-868 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). libpython3_6m1_0-3.6.15-150300.10.45.1.x86_64.rpm python3-3.6.15-150300.10.45.1.src.rpm python3-3.6.15-150300.10.45.1.x86_64.rpm python3-base-3.6.15-150300.10.45.1.x86_64.rpm python3-core-3.6.15-150300.10.45.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.s390x.rpm python3-3.6.15-150300.10.45.1.s390x.rpm python3-base-3.6.15-150300.10.45.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.aarch64.rpm python3-3.6.15-150300.10.45.1.aarch64.rpm python3-base-3.6.15-150300.10.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1298 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ndctl fixes the following issues: - Fix parsing of environment variable NDCTL_TIMEOUT (bsc#1208548) libndctl6-71.1-150400.10.3.1.x86_64.rpm ndctl-71.1-150400.10.3.1.src.rpm openSUSE-Leap-Micro-5.4-2023-781 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 vim-9.0.1386-150000.5.37.1.src.rpm vim-data-common-9.0.1386-150000.5.37.1.noarch.rpm vim-small-9.0.1386-150000.5.37.1.x86_64.rpm vim-small-9.0.1386-150000.5.37.1.s390x.rpm vim-small-9.0.1386-150000.5.37.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-743 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. gnutls-3.7.3-150400.4.35.1.src.rpm gnutls-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.x86_64.rpm gnutls-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.s390x.rpm gnutls-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-782 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] libgcrypt-1.9.4-150400.6.8.1.src.rpm libgcrypt20-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-1.9.4-150400.6.8.1.aarch64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-879 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for qemu fixes the following issues: - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). qemu-6.2.0-150400.37.14.2.src.rpm qemu-6.2.0-150400.37.14.2.x86_64.rpm qemu-accel-tcg-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.x86_64.rpm qemu-ipxe-1.0.0+-150400.37.14.2.noarch.rpm qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-sgabios-8-150400.37.14.2.noarch.rpm qemu-tools-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.x86_64.rpm qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-6.2.0-150400.37.14.2.s390x.rpm qemu-audio-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-guest-agent-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.s390x.rpm qemu-s390x-6.2.0-150400.37.14.2.s390x.rpm qemu-tools-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.s390x.rpm qemu-6.2.0-150400.37.14.2.aarch64.rpm qemu-arm-6.2.0-150400.37.14.2.aarch64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.aarch64.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.aarch64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.aarch64.rpm qemu-tools-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-848 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). xen-4.16.3_06-150400.4.25.1.src.rpm True xen-libs-4.16.3_06-150400.4.25.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-1796 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. conmon-2.1.5-150400.3.6.1.src.rpm conmon-2.1.5-150400.3.6.1.x86_64.rpm conmon-2.1.5-150400.3.6.1.s390x.rpm conmon-2.1.5-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2039 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20230320 (bsc#1209531) lshw-B.02.19.2+git.20230320-150200.3.15.4.src.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.x86_64.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.s390x.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2060 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). glib2-2.70.5-150400.3.8.1.src.rpm glib2-tools-2.70.5-150400.3.8.1.x86_64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm glib2-tools-2.70.5-150400.3.8.1.s390x.rpm libgio-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libglib-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.s390x.rpm glib2-tools-2.70.5-150400.3.8.1.aarch64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1897 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). kernel-default-5.14.21-150400.24.60.1.nosrc.rpm True kernel-default-5.14.21-150400.24.60.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.src.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.x86_64.rpm True kernel-default-5.14.21-150400.24.60.1.s390x.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.s390x.rpm True kernel-default-5.14.21-150400.24.60.1.aarch64.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2245 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority libsolv-0.7.24-150400.3.6.4.src.rpm True libsolv-tools-0.7.24-150400.3.6.4.x86_64.rpm True libzypp-17.31.11-150400.3.25.2.src.rpm True libzypp-17.31.11-150400.3.25.2.x86_64.rpm True zypper-1.14.60-150400.3.21.2.src.rpm True zypper-1.14.60-150400.3.21.2.x86_64.rpm True zypper-needs-restarting-1.14.60-150400.3.21.2.noarch.rpm True libsolv-tools-0.7.24-150400.3.6.4.s390x.rpm True libzypp-17.31.11-150400.3.25.2.s390x.rpm True zypper-1.14.60-150400.3.21.2.s390x.rpm True libsolv-tools-0.7.24-150400.3.6.4.aarch64.rpm True libzypp-17.31.11-150400.3.25.2.aarch64.rpm True zypper-1.14.60-150400.3.21.2.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-1992 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). kernel-rt-5.14.21-150400.15.23.1.nosrc.rpm True kernel-rt-5.14.21-150400.15.23.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-1994 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). avahi-0.8-150400.7.3.1.src.rpm avahi-0.8-150400.7.3.1.x86_64.rpm libavahi-client3-0.8-150400.7.3.1.x86_64.rpm libavahi-common3-0.8-150400.7.3.1.x86_64.rpm libavahi-core7-0.8-150400.7.3.1.x86_64.rpm avahi-0.8-150400.7.3.1.s390x.rpm libavahi-client3-0.8-150400.7.3.1.s390x.rpm libavahi-common3-0.8-150400.7.3.1.s390x.rpm libavahi-core7-0.8-150400.7.3.1.s390x.rpm avahi-0.8-150400.7.3.1.aarch64.rpm libavahi-client3-0.8-150400.7.3.1.aarch64.rpm libavahi-common3-0.8-150400.7.3.1.aarch64.rpm libavahi-core7-0.8-150400.7.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2084 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. shim-15.7-150300.4.16.1.src.rpm shim-15.7-150300.4.16.1.x86_64.rpm shim-15.7-150300.4.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2046 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-ibmca fixes the following issues: Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058) - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359) openssl-ibmca-2.4.0-150400.4.8.1.s390x.rpm openssl-ibmca-2.4.0-150400.4.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-1947 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). dmidecode-3.4-150400.16.8.1.src.rpm dmidecode-3.4-150400.16.8.1.x86_64.rpm dmidecode-3.4-150400.16.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1939 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) libfreebl3-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-3.79.4-150400.3.29.1.src.rpm mozilla-nss-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-3.79.4-150400.3.29.1.aarch64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2216 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. python-packaging-21.3-150200.3.3.1.src.rpm python3-packaging-21.3-150200.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2283 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.1.2 (bsc#1211282) + Properly handle Ipv6 when checking update server responsiveness. If not available fall back and use IPv4 information + Use systemd_ordered to allow use in a container without pulling systemd into the container as a requirement - Update to version 10.1.1 (bsc#1210020, bsc#1210021) + Clean up the system if baseproduct registraion fails to leave the system in prestine state + Log when the registercloudguest command is invoked with --clean - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. cloud-regionsrv-client-10.1.2-150000.6.96.1.noarch.rpm cloud-regionsrv-client-10.1.2-150000.6.96.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-1967 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - CVE-2023-26484: Limit operator secrets permission. (bsc#1209359) kubevirt is also rebuilt with a supported GO compiler (bsc#1208916) kubevirt-0.54.0-150400.3.13.1.src.rpm kubevirt-manifests-0.54.0-150400.3.13.1.x86_64.rpm kubevirt-virtctl-0.54.0-150400.3.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-1966 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - build the containerized-data-importer with a supported golang compiler (bsc#1208916) containerized-data-importer-1.51.0-150400.4.13.1.src.rpm containerized-data-importer-manifests-1.51.0-150400.4.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2192 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) python3-setuptools-44.1.1-150400.9.3.3.noarch.rpm python3-setuptools-44.1.1-150400.9.3.3.src.rpm openSUSE-Leap-Micro-5.4-2023-2053 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). libxml2-2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2.9.14-150400.5.16.1.src.rpm libxml2-python-2.9.14-150400.5.16.1.src.rpm libxml2-tools-2.9.14-150400.5.16.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2-2.9.14-150400.5.16.1.s390x.rpm libxml2-tools-2.9.14-150400.5.16.1.s390x.rpm python3-libxml2-2.9.14-150400.5.16.1.s390x.rpm libxml2-2-2.9.14-150400.5.16.1.aarch64.rpm libxml2-tools-2.9.14-150400.5.16.1.aarch64.rpm python3-libxml2-2.9.14-150400.5.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2051 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). libtpms-0.8.2-150300.3.9.1.src.rpm libtpms0-0.8.2-150300.3.9.1.x86_64.rpm libtpms0-0.8.2-150300.3.9.1.s390x.rpm libtpms0-0.8.2-150300.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2438 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for kernel-firmware fixes the following issues: - Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) - Add iwlwifi-*-72 ucode (bsc#1209681) - Update constraints for 8GB (bsc#1205811) kernel-firmware-20220509-150400.4.16.1.src.rpm True kernel-firmware-all-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.16.1.noarch.rpm True ucode-amd-20220509-150400.4.16.1.noarch.rpm True openSUSE-Leap-Micro-5.4-2023-2161 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli: - Version update from 1.23.11 to 1.27.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333) * For the detailed list of changes please consult upstream changelog: https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst * Updated required dependencies python-botocore: - Version update from 1.25.11 to 1.29.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/botocore/blob/develop/CHANGELOG.rst * Updated required dependencies python-boto3: - Version update from 1.22.11 to 1.26.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/boto3/blob/develop/CHANGELOG.rst * Updated required dependencies - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures python-s3transfer: - Version update from 0.5.0 to 0.6.0 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * Dropped support for Python 3.6 * Added support for flexible checksum when uploading or downloading objects * Officially add Python 3.10 support - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures - Drop unused python-mock build dependency aws-cli-1.27.89-150200.30.11.1.noarch.rpm aws-cli-1.27.89-150200.30.11.1.src.rpm python-botocore-1.29.89-150200.37.14.1.src.rpm python-s3transfer-0.6.0-150200.9.7.1.src.rpm python3-botocore-1.29.89-150200.37.14.1.noarch.rpm python3-s3transfer-0.6.0-150200.9.7.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2240 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) libsystemd0-249.16-150400.8.28.3.x86_64.rpm libudev1-249.16-150400.8.28.3.x86_64.rpm systemd-249.16-150400.8.28.3.src.rpm systemd-249.16-150400.8.28.3.x86_64.rpm systemd-container-249.16-150400.8.28.3.x86_64.rpm systemd-journal-remote-249.16-150400.8.28.3.x86_64.rpm systemd-sysvinit-249.16-150400.8.28.3.x86_64.rpm udev-249.16-150400.8.28.3.x86_64.rpm libsystemd0-249.16-150400.8.28.3.s390x.rpm libudev1-249.16-150400.8.28.3.s390x.rpm systemd-249.16-150400.8.28.3.s390x.rpm systemd-container-249.16-150400.8.28.3.s390x.rpm systemd-journal-remote-249.16-150400.8.28.3.s390x.rpm systemd-sysvinit-249.16-150400.8.28.3.s390x.rpm udev-249.16-150400.8.28.3.s390x.rpm libsystemd0-249.16-150400.8.28.3.aarch64.rpm libudev1-249.16-150400.8.28.3.aarch64.rpm systemd-249.16-150400.8.28.3.aarch64.rpm systemd-container-249.16-150400.8.28.3.aarch64.rpm systemd-journal-remote-249.16-150400.8.28.3.aarch64.rpm systemd-sysvinit-249.16-150400.8.28.3.aarch64.rpm udev-249.16-150400.8.28.3.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2103 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). vim-9.0.1443-150000.5.40.1.src.rpm vim-data-common-9.0.1443-150000.5.40.1.noarch.rpm vim-small-9.0.1443-150000.5.40.1.x86_64.rpm xxd-9.0.1443-150000.5.40.1.x86_64.rpm vim-small-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.ppc64le.rpm vim-small-9.0.1443-150000.5.40.1.aarch64.rpm xxd-9.0.1443-150000.5.40.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2111 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). libncurses6-6.1-150000.5.15.1.x86_64.rpm ncurses-6.1-150000.5.15.1.src.rpm ncurses-utils-6.1-150000.5.15.1.x86_64.rpm terminfo-6.1-150000.5.15.1.x86_64.rpm terminfo-base-6.1-150000.5.15.1.x86_64.rpm libncurses6-6.1-150000.5.15.1.s390x.rpm ncurses-utils-6.1-150000.5.15.1.s390x.rpm terminfo-6.1-150000.5.15.1.s390x.rpm terminfo-base-6.1-150000.5.15.1.s390x.rpm libncurses6-6.1-150000.5.15.1.aarch64.rpm ncurses-utils-6.1-150000.5.15.1.aarch64.rpm terminfo-6.1-150000.5.15.1.aarch64.rpm terminfo-base-6.1-150000.5.15.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2131 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). openssh-8.4p1-150300.3.18.2.src.rpm openssh-8.4p1-150300.3.18.2.x86_64.rpm openssh-clients-8.4p1-150300.3.18.2.x86_64.rpm openssh-common-8.4p1-150300.3.18.2.x86_64.rpm openssh-fips-8.4p1-150300.3.18.2.x86_64.rpm openssh-server-8.4p1-150300.3.18.2.x86_64.rpm openssh-8.4p1-150300.3.18.2.s390x.rpm openssh-clients-8.4p1-150300.3.18.2.s390x.rpm openssh-common-8.4p1-150300.3.18.2.s390x.rpm openssh-fips-8.4p1-150300.3.18.2.s390x.rpm openssh-server-8.4p1-150300.3.18.2.s390x.rpm openssh-8.4p1-150300.3.18.2.aarch64.rpm openssh-clients-8.4p1-150300.3.18.2.aarch64.rpm openssh-common-8.4p1-150300.3.18.2.aarch64.rpm openssh-fips-8.4p1-150300.3.18.2.aarch64.rpm openssh-server-8.4p1-150300.3.18.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2317 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) libblkid1-2.37.2-150400.8.17.1.x86_64.rpm libfdisk1-2.37.2-150400.8.17.1.x86_64.rpm libmount1-2.37.2-150400.8.17.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.17.1.x86_64.rpm libuuid1-2.37.2-150400.8.17.1.x86_64.rpm util-linux-2.37.2-150400.8.17.1.src.rpm util-linux-2.37.2-150400.8.17.1.x86_64.rpm util-linux-systemd-2.37.2-150400.8.17.1.src.rpm util-linux-systemd-2.37.2-150400.8.17.1.x86_64.rpm libblkid1-2.37.2-150400.8.17.1.s390x.rpm libfdisk1-2.37.2-150400.8.17.1.s390x.rpm libmount1-2.37.2-150400.8.17.1.s390x.rpm libsmartcols1-2.37.2-150400.8.17.1.s390x.rpm libuuid1-2.37.2-150400.8.17.1.s390x.rpm util-linux-2.37.2-150400.8.17.1.s390x.rpm util-linux-systemd-2.37.2-150400.8.17.1.s390x.rpm libblkid1-2.37.2-150400.8.17.1.aarch64.rpm libfdisk1-2.37.2-150400.8.17.1.aarch64.rpm libmount1-2.37.2-150400.8.17.1.aarch64.rpm libsmartcols1-2.37.2-150400.8.17.1.aarch64.rpm libuuid1-2.37.2-150400.8.17.1.aarch64.rpm util-linux-2.37.2-150400.8.17.1.aarch64.rpm util-linux-systemd-2.37.2-150400.8.17.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2104 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) libprocps7-3.3.15-150000.7.31.1.x86_64.rpm procps-3.3.15-150000.7.31.1.src.rpm procps-3.3.15-150000.7.31.1.x86_64.rpm libprocps7-3.3.15-150000.7.31.1.s390x.rpm procps-3.3.15-150000.7.31.1.s390x.rpm libprocps7-3.3.15-150000.7.31.1.aarch64.rpm procps-3.3.15-150000.7.31.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2299 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mdadm fixes the following issues: - Fixes for mdmon to ensure it runs at the right time in the fight mount namespace, this fixes various problems with IMSM raid arrays (bsc#1205493, bsc#1205830) mdadm-4.1-150300.24.27.1.src.rpm mdadm-4.1-150300.24.27.1.x86_64.rpm mdadm-4.1-150300.24.27.1.s390x.rpm mdadm-4.1-150300.24.27.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2159 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for open-vm-tools fixes the following issues: - Update to 12.2.0 (bsc#1209128) - Build the containerinfo plugin for TW/SLES15-SP5 and newer.(jsc#PED-1344) libvmtools0-12.2.0-150300.26.1.x86_64.rpm open-vm-tools-12.2.0-150300.26.1.src.rpm open-vm-tools-12.2.0-150300.26.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2193 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for snapper fixes the following issues: - avoid stale btrfs qgroups on transactional systems (bsc#1210151) - wait for existing btrfs quota rescans to finish (bsc#1210150) libsnapper5-0.8.16-150300.3.3.1.x86_64.rpm snapper-0.8.16-150300.3.3.1.src.rpm snapper-0.8.16-150300.3.3.1.x86_64.rpm libsnapper5-0.8.16-150300.3.3.1.s390x.rpm snapper-0.8.16-150300.3.3.1.s390x.rpm libsnapper5-0.8.16-150300.3.3.1.aarch64.rpm snapper-0.8.16-150300.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2140 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). - Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in "assigned-clocks" property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) kernel-default-5.14.21-150400.24.63.1.nosrc.rpm True kernel-default-5.14.21-150400.24.63.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.src.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.x86_64.rpm True kernel-default-5.14.21-150400.24.63.1.s390x.rpm True kernel-default-5.14.21-150400.24.63.1.aarch64.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2118 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for haproxy fixes the following issues: Update to version 2.4.22. (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MINOR: ssl/crt-list: warn when a line is malformated * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section * BUG/MINOR: sink: free the forwarding task on exit * BUILD: hpack: include global.h for the trash that is needed in debug mode * BUG/MINOR: mux-h2: add missing traces on failed headers decoding * BUG/MINOR: listener: close tiny race between resume_listener() and stopping * DOC: config: fix "Address formats" chapter syntax * BUG/MINOR: mux-fcgi: Correctly set pathinfo * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" * DOC: config: fix wrong section number for "protocol prefixes" * BUG/MINOR: listeners: fix suspend/resume of inherited FDs * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses * CLEANUP: htx: fix a typo in an error message of http_str_to_htx * BUG/MINOR: http: Memory leak of http redirect rules' format string * REGTEST: fix the race conditions in hmac.vtc * REGTEST: fix the race conditions in digest.vtc * REGTEST: fix the race conditions in json_query.vtc * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * REGTESTS: startup: check maxconn computation * REGTESTS: fix the race conditions in iff.vtc * BUG/MAJOR: fcgi: Fix uninitialized reserved bytes * DOC: promex: Add missing backend metrics * MINOR: promex: introduce haproxy_backend_agg_check_status * BUG/MINOR: promex: create haproxy_backend_agg_server_status * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure * BUILD: peers: peers-t.h depends on stick-table-t.h * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * BUG/MEDIIM: stconn: Flush output data before forwarding close to write side * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * [RELEASE] Released version 2.4.20 * Revert "CI: determine actual OpenSSL version dynamically" * Revert "CI: switch to the "latest" LibreSSL" * SCRIPTS: announce-release: add a link to the data plane API * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: mention that a single monitor-uri rule is supported * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" * BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out * BUILD: http-htx: Silent build error about a possible NULL start-line * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * BUG/MINOR: log: fix parse_log_message rfc5424 size check * BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: ssl: don't initialize the keylog callback when not required * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes * BUG/MEDIUM: ring: fix creation of server in uninitialized ring * DOC: config: fix alphabetical ordering of global section * REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses * BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers * BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once * BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy * BUG/MINOR: resolvers: Set port before IP address when processing SRV records * BUG/MINOR: http-htx: Fix error handling during parsing http replies * BUG/MEDIUM: wdt/clock: properly handle early task hangs * CI: emit the compiler's version in the build reports * CI: switch to the "latest" LibreSSL * BUG/MINOR: ssl: ocsp structure not freed properly in case of error * BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer * CI: add monthly gcc cross compile jobs * BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() * CI: SSL: temporarily stick to LibreSSL=3.5.3 * CI: SSL: use proper version generating when "latest" semantic is used * BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers * BUG/MINOR: sink: Only use backend capability for the sink proxies * BUG/MEDIUM: compression: handle rewrite errors when updating response headers * BUG/MINOR: ring: Properly parse connect timeout * BUG/MINOR: log: Preserve message facility when the log target is a ring buffer * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MINOR: server: make sure "show servers state" hides private bits * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUG/MINOR: backend: only enforce turn-around state when not redispatching * BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction * MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands * BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure * DOC: config: Fix pgsql-check documentation to make user param mandatory * BUG/MINOR: checks: update pgsql regex on auth packet * [RELEASE] Released version 2.4.19 * BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree * REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUILD: fd: fix a build warning on the DWCAS * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * DOC: fix TOC in starter guide for subsection 3.3.8. Statistics * REGTESTS: ssl/log: test the log-forward with SSL * BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. * REGTESTS: log: test the log-forward feature * REGTESTS: healthcheckmail: Relax matching on the healthcheck log message * BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' * MINOR: listener: small API change * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * CI: cirrus-ci: bump FreeBSD image to 13-1 * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: task: always reset a new tasklet's call date * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * BUILD: makefile: enable crypt(3) for NetBSD * BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support * BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber * BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input * BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) * BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * REGTESTS: Fix prometheus script to perform HTTP health-checks * BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MAJOR: mworker: fix infinite loop on master with no proxies. * BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: ring: fix too lax 'size' parser * BUILD: debug: silence warning on gcc-5 * BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() * BUG/MEDIUM: poller: use fd_delete() to release the poller pipes * BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h * BUG/MINOR: sink: fix a race condition between the writer and the reader * BUG/MINOR: ring/cli: fix a race condition between the writer and the reader * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MEDIUM: dns: Properly initialize new DNS session * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions * MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups * MINOR: http-htx: Use new HTTP functions for the scheme based normalization * BUG/MEDIUM: h1: Improve authority validation for CONNCET request * MINOR: http: Add function to detect default port * MINOR: http: Add function to get port part of a host * BUG/MEDIUM: mworker: use default maxconn in wait mode * [RELEASE] Released version 2.4.18 * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUILD: add detection for unsupported compiler models * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload * REGTESTS: Fix some scripts to be compatible with 2.4 and prior * BUG/MINOR: tools: fix statistical_prng_range()'s output range * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX * BUG/MEDIUM: tools: avoid calling dlsym() in static builds * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer * REGTEESTS: filters: Fix CONNECT request in random-forwarding script * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream * BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule * BUG/MINOR: peers/config: always fill the bind_conf's argument * MINOR: fd: Add BUG_ON checks on fd_insert() * CI: re-enable gcc asan builds * BUILD: Makefile: Add Lua 5.4 autodetect * BUG/MEDIUM: ssl/fd: unexpected fd close using async engine * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: ssl: Do not look for key in extra files if already in pem * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration * BUG/MINOR: cli/stats: add missing trailing LF after "show info json" * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs * REGTESTS: healthcheckmail: Relax health-check failure condition * REGTESTS: healthcheckmail: Update the test to be functionnal again * BUG/MINOR: checks: Properly handle email alerts in trace messages * BUG/MINOR: trace: Test server existence for health-checks to get proxy * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: restrict_req_hdr_names: Extend supported versions * REGTESTS: http_abortonclose: Extend supported versions * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails * DOC: intro: adjust the numbering of paragrams to keep the output ordered * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str * CI: determine actual OpenSSL version dynamically * BUILD/MINOR: cpuset fix build for FreeBSD 13.1 * BUG/MINOR: peers: fix error reporting of "bind" lines * BUG/MINOR: cfgparse: abort earlier in case of allocation error * BUG/MINOR: check: Reinit the buffer wait list at the end of a check * BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() * REGTESTS: abortonclose: Fix some race conditions * BUG/MINOR: ssl: Fix crash when no private key is found in pem * MINOR: tools: add get_exec_path implementation for solaris based systems. * BUILD: fix build warning on solaris based systems with __maybe_unused. * MEDIUM: http-ana: Add a proxy option to restrict chars in request header names * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.4.17 * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * [RELEASE] Released version 2.4.16 * BUILD: opentracing: Fix OT build due to misuse of var_clear() * BUILD: proto_uxst: do not set unused flag * BUILD: sockpair: do not set unused flag * BUILD: fd: remove unused variable totlen in fd_write_frag_line() * CLEANUP: acl: Remove unused variable when releasing an acl expression * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUILD: compiler: properly distinguish weak and global symbols * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks * MINOR: task: add a new task_instant_wakeup() function * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments * DOC: remove my name from the config doc * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added * BUG/MEDIUM: stream: do not abort connection setup too early * BUILD: compiler: use a more portable set of asm(".weak") statements * BUILD: sched: workaround crazy and dangerous warning in Clang 14 * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: cirrus: switch to FreeBSD-13.0 * CI: Update to actions/cache@v3 * CI: Update to actions/checkout@v3 * DEBUG: opentracing: show return values of all functions in the debug output * CLEANUP: opentracing: added variable to store variable length * CLEANUP: opentracing: added flt_ot_smp_init() function * CLEANUP: opentracing: removed unused function flt_ot_var_get() * CLEANUP: opentracing: removed unused function flt_ot_var_unset() * DOC: opentracing: corrected comments in function descriptions * EXAMPLES: opentracing: refined shell scripts for testing filter performance * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests * CI: github actions: update OpenSSL to 3.0.2 * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads * BUG/MINOR: samples: add missing context names for sample fetch functions * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing * BUG/MINOR: tools: url2sa reads too far when no port nor path * DOC: config: Explictly add supported MQTT versions * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUG/MINOR: server/ssl: free the SNI sample expression * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.4.15 * BUILD: tree-wide: mark a few numeric constants as explicitly long long * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * DEBUG: stream: Fix stream trace message to print response buffer state * DEBUG: stream: Add the missing descriptions for stream trace events * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MINOR: add missing modes in proxy_mode_str() * BUILD: pools: fix backport of no-memory-trimming on non-linux OS * MINOR: pools: add a new global option "no-memory-trimming" * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed * BUG/MINOR: pool: always align pool_heads to 64 bytes * REGTESTS: fix the race conditions in secure_memcmp.vtc * REGTESTS: fix the race conditions in normalize_uri.vtc * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() * CI: github actions: use cache for SSL libs * CI: github actions: use cache for OpenTracing * CI: github actions: add OpenTracing builds * CI: github actions: add the output of $CC -dM -E- * [RELEASE] Released version 2.4.14 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: github actions: update OpenSSL to 3.0.1 * CI: github: switch to OpenSSL 3.0.0 * CI: github actions: relax OpenSSL-3.0.0 version comparision * CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 * CI: github actions: add OpenSSL-3.0.0 builds * BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * [RELEASE] Released version 2.4.13 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an rwlock * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error * [RELEASE] Released version 2.4.12 * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * [RELEASE] Released version 2.4.11 * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * BUILD/MINOR: cpuset FreeBSD 14 build fix. * BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: proxy: add option idle-close-on-response * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * [RELEASE] Released version 2.4.10 * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * MINOR: pools: work around possibly slow malloc_trim() during gc * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * CI: Github Actions: temporarily disable BoringSSL builds * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MAJOR: segfault using multiple log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUILD/MINOR: server: fix compilation without SSL * [RELEASE] Released version 2.4.9 * BUG/MINOR: cache: Fix loop on cache entries in "show cache" * MINOR: promex: backend aggregated server check status * MINOR: server: add ws keyword * MEDIUM: server/backend: implement websocket protocol selection * MINOR: connection: add alternative mux_ops param for conn_install_mux_be * MINOR: connection: implement function to update ALPN * MINOR: stream/mux: implement websocket stream flag * BUG/MINOR: ssl: make SSL counters atomic * MINOR: shctx: add a few BUG_ON() for consistency checks * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: cache/cli: make "show cache" thread-safe * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * CLEANUP: ssl: fix wrong #else commentary * BUG/MINOR: ssl: free correctly the sni in the backend SSL cache * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * BUILD: makefile: simplify detection of libatomic * BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * MINOR: mux-h1: Slightly Improve H1 traces * DOC: lua: Be explicit with the Reply object limits * Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MINOR: cache: properly ignore unparsable max-age in quotes * BUG/MINOR: resolvers: throw log message if trash not large enough for query * BUG/MINOR: resolvers: fix sent messages were counted twice * BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support * MINOR: mux-h2: add trace on extended connect usage * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.src.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.x86_64.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.s390x.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2234 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ovmf fixes the following issues: - CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741). - CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246). - revert a patch to fix xen boot problems (bsc#1205613) ovmf-202202-150400.5.10.1.src.rpm qemu-ovmf-x86_64-202202-150400.5.10.1.noarch.rpm qemu-uefi-aarch64-202202-150400.5.10.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2133 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) libz1-1.2.11-150000.3.42.1.x86_64.rpm zlib-1.2.11-150000.3.42.1.src.rpm zlib-devel-1.2.11-150000.3.42.1.x86_64.rpm libz1-1.2.11-150000.3.42.1.s390x.rpm zlib-devel-1.2.11-150000.3.42.1.s390x.rpm libz1-1.2.11-150000.3.42.1.aarch64.rpm zlib-devel-1.2.11-150000.3.42.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2341 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) libsigc++2-2.10.7-150400.3.3.1.src.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.x86_64.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.s390x.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2224 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). curl-8.0.1-150400.5.23.1.src.rpm curl-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-8.0.1-150400.5.23.1.x86_64.rpm curl-8.0.1-150400.5.23.1.s390x.rpm libcurl4-8.0.1-150400.5.23.1.s390x.rpm curl-8.0.1-150400.5.23.1.aarch64.rpm libcurl4-8.0.1-150400.5.23.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2231 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). - Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in "assigned-clocks" property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) - supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-rt-5.14.21-150400.15.28.2.nosrc.rpm True kernel-rt-5.14.21-150400.15.28.2.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2254 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) containerd-1.6.19-150000.90.3.src.rpm containerd-1.6.19-150000.90.3.x86_64.rpm containerd-1.6.19-150000.90.3.s390x.rpm containerd-1.6.19-150000.90.3.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2325 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). cni-0.7.1-150100.3.10.1.src.rpm cni-0.7.1-150100.3.10.1.x86_64.rpm cni-0.7.1-150100.3.10.1.s390x.rpm cni-0.7.1-150100.3.10.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2324 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). cni-plugins-0.8.6-150100.3.13.1.src.rpm cni-plugins-0.8.6-150100.3.13.1.x86_64.rpm cni-plugins-0.8.6-150100.3.13.1.s390x.rpm cni-plugins-0.8.6-150100.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2157 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). conmon-2.1.5-150400.3.8.1.src.rpm conmon-2.1.5-150400.3.8.1.x86_64.rpm conmon-2.1.5-150400.3.8.1.s390x.rpm conmon-2.1.5-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2139 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of ignition fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ignition-2.15.0-150400.4.2.1.src.rpm ignition-2.15.0-150400.4.2.1.x86_64.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.x86_64.rpm ignition-2.15.0-150400.4.2.1.s390x.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.s390x.rpm ignition-2.15.0-150400.4.2.1.aarch64.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2256 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). runc-1.1.5-150000.43.1.src.rpm runc-1.1.5-150000.43.1.x86_64.rpm runc-1.1.5-150000.43.1.s390x.rpm runc-1.1.5-150000.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2761 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. libjansson-2.14-150000.3.3.1.src.rpm libjansson4-2.14-150000.3.3.1.x86_64.rpm libjansson4-2.14-150000.3.3.1.s390x.rpm libjansson4-2.14-150000.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2585 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) python-pyzmq-17.1.2-150000.3.5.2.src.rpm True python3-pyzmq-17.1.2-150000.3.5.2.x86_64.rpm True python3-pyzmq-17.1.2-150000.3.5.2.s390x.rpm True python3-pyzmq-17.1.2-150000.3.5.2.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2571 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) python-jmespath-0.9.3-150000.3.3.4.src.rpm True python-ply-3.10-150000.3.3.4.src.rpm True python-simplejson-3.17.2-150300.3.2.3.src.rpm True python3-jmespath-0.9.3-150000.3.3.4.noarch.rpm True python3-ply-3.10-150000.3.3.4.noarch.rpm True python3-salt-3006.0-150400.8.34.2.x86_64.rpm True python3-simplejson-3.17.2-150300.3.2.3.x86_64.rpm True salt-3006.0-150400.8.34.2.src.rpm True salt-3006.0-150400.8.34.2.x86_64.rpm True salt-minion-3006.0-150400.8.34.2.x86_64.rpm True salt-transactional-update-3006.0-150400.8.34.2.x86_64.rpm True python3-salt-3006.0-150400.8.34.2.s390x.rpm True python3-simplejson-3.17.2-150300.3.2.3.s390x.rpm True salt-3006.0-150400.8.34.2.s390x.rpm True salt-minion-3006.0-150400.8.34.2.s390x.rpm True salt-transactional-update-3006.0-150400.8.34.2.s390x.rpm True python3-salt-3006.0-150400.8.34.2.aarch64.rpm True python3-simplejson-3.17.2-150300.3.2.3.aarch64.rpm True salt-3006.0-150400.8.34.2.aarch64.rpm True salt-minion-3006.0-150400.8.34.2.aarch64.rpm True salt-transactional-update-3006.0-150400.8.34.2.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2214 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - Always render block devices in hp-volume- pod template - Detect ServiceMonitor and PrometheusRule CRDs - TSC frequencies: add 250PPM tolerance (bsc#1210906) - Follow the recommended semantics for the device plugin registration process (https://github.com/kubernetes/kubernetes/issues/112395) kubevirt-0.54.0-150400.3.16.1.src.rpm kubevirt-manifests-0.54.0-150400.3.16.1.x86_64.rpm kubevirt-virtctl-0.54.0-150400.3.16.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2236 critical SUSE Updates openSUSE-Leap-Micro 5.4 This update for python-looseversion fixes the following issues: - Provide python-looseversion version 1.0.2 as new Salt 3006 dependency. (jsc#PED-4360) python-looseversion-1.0.2-150100.3.3.1.src.rpm python3-looseversion-1.0.2-150100.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2237 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) vim-9.0.1443-150000.5.43.1.src.rpm vim-data-common-9.0.1443-150000.5.43.1.noarch.rpm vim-small-9.0.1443-150000.5.43.1.x86_64.rpm xxd-9.0.1443-150000.5.43.1.x86_64.rpm vim-small-9.0.1443-150000.5.43.1.s390x.rpm xxd-9.0.1443-150000.5.43.1.s390x.rpm xxd-9.0.1443-150000.5.43.1.ppc64le.rpm vim-small-9.0.1443-150000.5.43.1.aarch64.rpm xxd-9.0.1443-150000.5.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2262 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for nftables fixes the following issue: - A crash in nftables if layer2 reject rules are processed (bsc#1210773). libnftables1-0.9.8-150300.3.6.1.x86_64.rpm nftables-0.9.8-150300.3.6.1.src.rpm nftables-0.9.8-150300.3.6.1.x86_64.rpm python3-nftables-0.9.8-150300.3.6.1.x86_64.rpm libnftables1-0.9.8-150300.3.6.1.s390x.rpm nftables-0.9.8-150300.3.6.1.s390x.rpm python3-nftables-0.9.8-150300.3.6.1.s390x.rpm libnftables1-0.9.8-150300.3.6.1.aarch64.rpm nftables-0.9.8-150300.3.6.1.aarch64.rpm python3-nftables-0.9.8-150300.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2235 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for selinux-policy fixes the following issue: - Prevent labeling of overlayfs mountpoint. selinux-policy-20221019-150400.4.3.1.noarch.rpm selinux-policy-20221019-150400.4.3.1.src.rpm selinux-policy-devel-20221019-150400.4.3.1.noarch.rpm selinux-policy-targeted-20221019-150400.4.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2279 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) dracut-055+suse.342.g2e6dce8e-150400.3.22.1.src.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2243 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ucode-intel-20230512-150200.24.1.src.rpm True ucode-intel-20230512-150200.24.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2276 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) grub2-2.06-150400.11.33.1.src.rpm grub2-2.06-150400.11.33.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.33.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.33.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.33.1.noarch.rpm grub2-x86_64-xen-2.06-150400.11.33.1.noarch.rpm grub2-2.06-150400.11.33.1.s390x.rpm grub2-s390x-emu-2.06-150400.11.33.1.s390x.rpm grub2-2.06-150400.11.33.1.aarch64.rpm grub2-arm64-efi-2.06-150400.11.33.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2307 low SUSE Updates openSUSE-Leap-Micro 5.4 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) kbd-2.4.0-150400.5.6.1.src.rpm kbd-2.4.0-150400.5.6.1.x86_64.rpm kbd-legacy-2.4.0-150400.5.6.1.noarch.rpm kbd-2.4.0-150400.5.6.1.s390x.rpm kbd-2.4.0-150400.5.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2786 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-ibmca fixes the following issues: - Updated BuildRequires for libica-devel and libica-tools to >= 4.0.0 - Added dependency on libica4 (bsc#1209038) openssl-ibmca-2.4.0-150400.4.11.1.s390x.rpm openssl-ibmca-2.4.0-150400.4.11.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2649 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for hwdata fixes the following issues: - update to 0.371: hwdata-0.371-150000.3.62.1.noarch.rpm hwdata-0.371-150000.3.62.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2482 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) systemd-rpm-macros-13-150000.7.33.1.noarch.rpm systemd-rpm-macros-13-150000.7.33.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2510 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for drbd-utils fixes the following issues: - Improve compatibility with Pacemaker 2.1 (bsc#1209783) drbd-utils-9.19.0-150400.3.17.1.src.rpm drbd-utils-9.19.0-150400.3.17.1.x86_64.rpm drbd-utils-9.19.0-150400.3.17.1.s390x.rpm drbd-utils-9.19.0-150400.3.17.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2333 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) libz1-1.2.11-150000.3.45.1.x86_64.rpm zlib-1.2.11-150000.3.45.1.src.rpm zlib-devel-1.2.11-150000.3.45.1.x86_64.rpm libz1-1.2.11-150000.3.45.1.s390x.rpm zlib-devel-1.2.11-150000.3.45.1.s390x.rpm libz1-1.2.11-150000.3.45.1.aarch64.rpm zlib-devel-1.2.11-150000.3.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2625 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 gcc12-12.3.0+git1204-150000.1.10.1.src.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.s390x.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.aarch64.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2366 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches xen-4.16.4_02-150400.4.28.1.src.rpm xen-libs-4.16.4_02-150400.4.28.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2313 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support c-ares-1.19.1-150000.3.23.1.src.rpm libcares2-1.19.1-150000.3.23.1.x86_64.rpm libcares2-1.19.1-150000.3.23.1.s390x.rpm libcares2-1.19.1-150000.3.23.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2658 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? containerd-1.6.21-150000.93.1.src.rpm containerd-1.6.21-150000.93.1.x86_64.rpm docker-23.0.6_ce-150000.178.1.src.rpm docker-23.0.6_ce-150000.178.1.x86_64.rpm runc-1.1.7-150000.46.1.src.rpm runc-1.1.7-150000.46.1.x86_64.rpm containerd-1.6.21-150000.93.1.s390x.rpm docker-23.0.6_ce-150000.178.1.s390x.rpm runc-1.1.7-150000.46.1.s390x.rpm containerd-1.6.21-150000.93.1.aarch64.rpm docker-23.0.6_ce-150000.178.1.aarch64.rpm runc-1.1.7-150000.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2347 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). cups-2.2.7-150000.3.43.1.src.rpm cups-config-2.2.7-150000.3.43.1.x86_64.rpm libcups2-2.2.7-150000.3.43.1.x86_64.rpm cups-config-2.2.7-150000.3.43.1.s390x.rpm libcups2-2.2.7-150000.3.43.1.s390x.rpm cups-config-2.2.7-150000.3.43.1.aarch64.rpm libcups2-2.2.7-150000.3.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2334 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). libtiff5-4.0.9-150000.45.28.1.x86_64.rpm tiff-4.0.9-150000.45.28.1.src.rpm libtiff5-4.0.9-150000.45.28.1.s390x.rpm libtiff5-4.0.9-150000.45.28.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2305 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for selinux-policy fixes the following issues: - Fix entropy daemon failing to start (bsc#1211045) selinux-policy-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm selinux-policy-20230511+git3.b78f5aff-150400.4.6.1.src.rpm selinux-policy-devel-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2311 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for s390-tools fixes the following issues: - Fix error during evaluation of ziomon data for disk type SCSI devices without block dev (bsc#1211318) libekmfweb1-2.19.0-150400.7.21.1.s390x.rpm libkmipclient1-2.19.0-150400.7.21.1.s390x.rpm s390-tools-2.19.0-150400.7.21.1.s390x.rpm s390-tools-2.19.0-150400.7.21.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2342 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). libopenssl-1_1-devel-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.37.1.src.rpm openssl-1_1-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150400.7.37.1.s390x.rpm libopenssl1_1-1.1.1l-150400.7.37.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.s390x.rpm openssl-1_1-1.1.1l-150400.7.37.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150400.7.37.1.aarch64.rpm libopenssl1_1-1.1.1l-150400.7.37.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.aarch64.rpm openssl-1_1-1.1.1l-150400.7.37.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2363 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libnvme, nvme-cli fixes the following issues: - Fix GC in Python binding (bsc#1209905 bsc#1209131) - Fix crash when printing json output for supported log pages (bsc#1209550) - Add coverity reported fixes (bsc#1209669) - Update host_traddr when using config.json file (bsc#1210089) - Fix compiler warning (git-fixes) - Fix condition in autoconnect service (bsc#1210105) - Set version-tag so that version are correctly reported libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1.src.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.x86_64.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.src.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.x86_64.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.s390x.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.s390x.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.aarch64.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2657 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libcontainers-common fixes the following issues: - New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) - Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet - Remove container-storage-driver.sh to default to the overlay driver instead of btrfs libcontainers-common-20230214-150400.3.8.1.noarch.rpm libcontainers-common-20230214-150400.3.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2484 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). libldap-2_4-2-2.4.46-150200.14.14.1.x86_64.rpm libldap-data-2.4.46-150200.14.14.1.noarch.rpm openldap2-2.4.46-150200.14.14.1.src.rpm libldap-2_4-2-2.4.46-150200.14.14.1.s390x.rpm libldap-2_4-2-2.4.46-150200.14.14.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2356 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: - Fixed a potential crash during driver cleanup (bsc#1209861). - Added Apparmor support for SUSE edk2 firmware paths (boo#1208567). - Fixed lxc container initialization with systemd and hybrid groups (boo#1183247). - Added the option to specify the virtual CPU address size in bits for qemu (bsc#1199583). libvirt-8.0.0-150400.7.6.1.src.rpm libvirt-client-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.x86_64.rpm libvirt-libs-8.0.0-150400.7.6.1.x86_64.rpm libvirt-client-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.s390x.rpm libvirt-libs-8.0.0-150400.7.6.1.s390x.rpm libvirt-client-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.aarch64.rpm libvirt-libs-8.0.0-150400.7.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2648 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). libopenssl-1_1-devel-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.42.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.42.1.src.rpm openssl-1_1-1.1.1l-150400.7.42.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150400.7.42.1.s390x.rpm libopenssl1_1-1.1.1l-150400.7.42.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150400.7.42.1.s390x.rpm openssl-1_1-1.1.1l-150400.7.42.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150400.7.42.1.aarch64.rpm libopenssl1_1-1.1.1l-150400.7.42.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.42.1.aarch64.rpm openssl-1_1-1.1.1l-150400.7.42.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2516 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). opensc-0.22.0-150400.3.3.1.src.rpm opensc-0.22.0-150400.3.3.1.x86_64.rpm opensc-0.22.0-150400.3.3.1.s390x.rpm opensc-0.22.0-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2517 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). libpython3_6m1_0-3.6.15-150300.10.48.1.x86_64.rpm python3-3.6.15-150300.10.48.1.src.rpm python3-3.6.15-150300.10.48.1.x86_64.rpm python3-base-3.6.15-150300.10.48.1.x86_64.rpm python3-core-3.6.15-150300.10.48.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.48.1.s390x.rpm python3-3.6.15-150300.10.48.1.s390x.rpm python3-base-3.6.15-150300.10.48.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.48.1.aarch64.rpm python3-3.6.15-150300.10.48.1.aarch64.rpm python3-base-3.6.15-150300.10.48.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2519 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file supportutils-3.1.21-150300.7.35.18.1.noarch.rpm supportutils-3.1.21-150300.7.35.18.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2811 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open’s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ⇐ 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -"). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don’t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the "fido" and "otp" subcommands over NFC * New "ykman --diagnose" command to aid in troubleshooting. * New "ykman apdu" command for sending raw APDUs over the smart card interface. * New "yubikit" package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don’t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don’t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a "Use default" option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly libfido2-1-1.13.0-150400.5.3.1.x86_64.rpm libfido2-1.13.0-150400.5.3.1.src.rpm libfido2-udev-1.13.0-150400.5.3.1.noarch.rpm libfido2-1-1.13.0-150400.5.3.1.s390x.rpm libfido2-1-1.13.0-150400.5.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2742 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) libprotobuf-lite20-3.9.2-150200.4.21.1.x86_64.rpm True protobuf-3.9.2-150200.4.21.1.src.rpm True libprotobuf-lite20-3.9.2-150200.4.21.1.s390x.rpm True libprotobuf-lite20-3.9.2-150200.4.21.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2640 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). vim-9.0.1572-150000.5.46.1.src.rpm vim-data-common-9.0.1572-150000.5.46.1.noarch.rpm vim-small-9.0.1572-150000.5.46.1.x86_64.rpm vim-small-9.0.1572-150000.5.46.1.s390x.rpm vim-small-9.0.1572-150000.5.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2653 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - Input: xpad - add constants for GIP interface numbers (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Revert "KVM: set owner of cpu and vm file operations" (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage. - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). kernel-default-5.14.21-150400.24.66.1.nosrc.rpm True kernel-default-5.14.21-150400.24.66.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1.src.rpm True kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1.x86_64.rpm True kernel-default-5.14.21-150400.24.66.1.s390x.rpm True kernel-default-5.14.21-150400.24.66.1.aarch64.rpm True kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2495 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libzypp fixes the following issues: - Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] libzypp-17.31.13-150400.3.30.1.src.rpm True libzypp-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-17.31.13-150400.3.30.1.s390x.rpm True libzypp-17.31.13-150400.3.30.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2547 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for qemu fixes the following issues: - vCPU stalls in Qemu with NFS storage (bsc#1211000) qemu-6.2.0-150400.37.17.1.src.rpm qemu-6.2.0-150400.37.17.1.x86_64.rpm qemu-accel-tcg-x86-6.2.0-150400.37.17.1.x86_64.rpm qemu-audio-spice-6.2.0-150400.37.17.1.x86_64.rpm qemu-chardev-spice-6.2.0-150400.37.17.1.x86_64.rpm qemu-guest-agent-6.2.0-150400.37.17.1.x86_64.rpm qemu-hw-display-qxl-6.2.0-150400.37.17.1.x86_64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1.x86_64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1.x86_64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.17.1.x86_64.rpm qemu-ipxe-1.0.0+-150400.37.17.1.noarch.rpm qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1.noarch.rpm qemu-sgabios-8-150400.37.17.1.noarch.rpm qemu-tools-6.2.0-150400.37.17.1.x86_64.rpm qemu-ui-opengl-6.2.0-150400.37.17.1.x86_64.rpm qemu-ui-spice-core-6.2.0-150400.37.17.1.x86_64.rpm qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1.noarch.rpm qemu-x86-6.2.0-150400.37.17.1.x86_64.rpm qemu-6.2.0-150400.37.17.1.s390x.rpm qemu-audio-spice-6.2.0-150400.37.17.1.s390x.rpm qemu-chardev-spice-6.2.0-150400.37.17.1.s390x.rpm qemu-guest-agent-6.2.0-150400.37.17.1.s390x.rpm qemu-hw-display-qxl-6.2.0-150400.37.17.1.s390x.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1.s390x.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1.s390x.rpm qemu-hw-usb-redirect-6.2.0-150400.37.17.1.s390x.rpm qemu-s390x-6.2.0-150400.37.17.1.s390x.rpm qemu-tools-6.2.0-150400.37.17.1.s390x.rpm qemu-ui-opengl-6.2.0-150400.37.17.1.s390x.rpm qemu-ui-spice-core-6.2.0-150400.37.17.1.s390x.rpm qemu-6.2.0-150400.37.17.1.aarch64.rpm qemu-arm-6.2.0-150400.37.17.1.aarch64.rpm qemu-audio-spice-6.2.0-150400.37.17.1.aarch64.rpm qemu-chardev-spice-6.2.0-150400.37.17.1.aarch64.rpm qemu-guest-agent-6.2.0-150400.37.17.1.aarch64.rpm qemu-hw-display-qxl-6.2.0-150400.37.17.1.aarch64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1.aarch64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1.aarch64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.17.1.aarch64.rpm qemu-tools-6.2.0-150400.37.17.1.aarch64.rpm qemu-ui-opengl-6.2.0-150400.37.17.1.aarch64.rpm qemu-ui-spice-core-6.2.0-150400.37.17.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2782 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). - CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). - CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). - CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). - CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). The following non-security bugs were fixed: - 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). - ACPI: EC: Fix oops when removing custom query handlers (git-fixes). - ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes). - ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes). - ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes). - ACPI: tables: Add support for NBFT (bsc#1195921). - ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). - ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes). - ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). - ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). - ALSA: firewire-digi00x: prevent potential use after free (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). - ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes). - ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes). - ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). - ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). - ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes). - ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes). - ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes). - ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). - ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). - ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). - ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). - ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes). - ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes). - ALSA: oss: avoid missing-prototype warnings (git-fixes). - ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). - ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes). - ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). - ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes). - ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). - ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes) - ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). - ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). - ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). - ARM: dts: vexpress: add missing cache properties (git-fixes). - ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes). - ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes). - ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes). - ASoC: dwc: limit the number of overrun messages (git-fixes). - ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes). - ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). - ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). - ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). - ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes). - ASoC: soc-pcm: test if a BE can be prepared (git-fixes). - ASoC: ssm2602: Add workaround for playback distortions (git-fixes). - Add a bug reference to two existing drm-hyperv changes (bsc#1211281). - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes). - Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes). - Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes). - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git-fixes). - Bluetooth: btintel: Add LE States quirk support (git-fixes). - Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes). - Bluetooth: hci_qca: fix debugfs registration (git-fixes). - Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes). - Documentation/filesystems: sharedsubtree: add section headings (git-fixes). - HID: google: add jewel USB id (git-fixes). - HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). - HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). - HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). - HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). - HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). - HID: wacom: Set a default resolution for older tablets (git-fixes). - HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). - HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). - HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes). - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) - IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes) - IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) - Input: fix open count when closing inhibited device (git-fixes). - Input: psmouse - fix OOB access in Elantech protocol (git-fixes). - Input: xpad - add constants for GIP interface numbers (git-fixes). - Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes). - KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes) - KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes) - KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) - KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). - KVM: Prevent module exit until all VMs are freed (git-fixes) - KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes). - KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes). - KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes). - KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes). - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes). - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes). - KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). - KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) - KVM: arm64: Do not hypercall before EL2 init (git-fixes) - KVM: arm64: Do not return from void function (git-fixes) - KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) - KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) - KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) - KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) - KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) - KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes) - KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) - KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes) - KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) - KVM: arm64: Save PSTATE early on exit (git-fixes) - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes) - KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) - KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) - KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes) - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes). - KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). - KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes). - KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git-fixes). - KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). - KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). - KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes). - KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes). - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes). - KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). - KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). - KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). - KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). - KVM: x86: do not set st->preempted when going back to user space (git-fixes). - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). - KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). - PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). - PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes). - PM: hibernate: Turn snapshot_test into global variable (git-fixes). - PM: hibernate: fix load_image_and_restore() error path (git-fixes). - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) - RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) - RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) - RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) - RDMA/efa: Fix unsupported page sizes in device (git-fixes) - RDMA/hns: Fix base address table allocation (git-fixes) - RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) - RDMA/hns: Modify the value of long message loopback slice (git-fixes) - RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). - RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). - RDMA/irdma: Fix Local Invalidate fencing (git-fixes) - RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). - RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). - RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). - RDMA/irdma: Prevent QP use after free (git-fixes) - RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). - RDMA/irdma: Remove excess error variables (jsc#SLE-18383). - RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). - RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). - RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). - RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). - RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) - RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) - RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) - RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes) - RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) - RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) - RDMA/siw: Fix potential page_array out of range access (git-fixes) - RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) - RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) - Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes). - Revert "KVM: set owner of cpu and vm file operations" (git-fixes) - SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). - SMB3: Add missing locks to protect deferred close file list (git-fixes). - SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). - SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). - SMB3: drop reference to cfile before sending oplock break (bsc#1193629). - SMB3: force unmount was failing to close deferred close files (bsc#1193629). - SUNRPC: Clean up svc_deferred_class trace events (git-fixes). - SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). - Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). - USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes). - USB: core: Add routines for endpoint checks in old drivers (git-fixes). - USB: dwc3: fix use-after-free on core driver unbind (git-fixes). - USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes). - USB: serial: option: add Quectel EM061KGL series (git-fixes). - USB: sisusbvga: Add endpoint checks (git-fixes). - USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). - affs: initialize fsdata in affs_truncate() (git-fixes). - apparmor: add a kernel label to use on kernel objects (bsc#1211113). - arm64: Always load shadow stack pointer directly from the task struct (git-fixes) - arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes) - arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). - arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). - arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). - arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). - arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes). - arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes). - arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes). - arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). - arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes). - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes). - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) - arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). - asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). - ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). - ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). - ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes). - batman-adv: Broken sync while rescheduling delayed work (git-fixes). - block: add a bdev_max_zone_append_sectors helper (git-fixes). - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes). - bnxt: Do not read past the end of test names (jsc#SLE-18978). - bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). - bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). - bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). - bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). - bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes). - bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). - bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). - bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). - bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes). - bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes). - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes). - bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). - bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). - bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes) - bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes) - bpf, arm64: Feed byte-offset into bpf line info (git-fixes) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes) - bpf: Add extra path pointer check to d_path helper (git-fixes). - bpf: Fix UAF in task local storage (bsc#1212564). - can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes). - can: j1939: change j1939_netdev_lock type to mutex (git-fixes). - can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes). - can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). - can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes). - can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes). - can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). - can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). - can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). - can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes). - can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). - can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). - cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). - ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540). - ceph: force updating the msg pointer in non-split case (bsc#1211804). - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). - cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). - cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). - cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). - cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563). - cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561). - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). - cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563). - cgroup: reduce dependency on cgroup_mutex (bsc#1205650). - cifs: Avoid a cast in add_lease_context() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: Simplify SMB2_open_init() (bsc#1193629). - cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). - cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). - cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). - cifs: fix potential race when tree connecting ipc (bsc#1208758). - cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). - cifs: fix sharing of DFS connections (bsc#1208758). - cifs: fix smb1 mount regression (bsc#1193629). - cifs: mapchars mount option ignored (bsc#1193629). - cifs: missing lock when updating session status (bsc#1193629). - cifs: print smb3_fs_context::source when mounting (bsc#1193629). - cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). - cifs: protect session status check in smb2_reconnect() (bsc#1208758). - cifs: release leases for deferred close handles when freezing (bsc#1193629). - cifs: sanitize paths in cifs_update_super_prepath (git-fixes). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). - clk: qcom: regmap: add PHY clock source implementation (git-fixes). - clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). - configfs: fix possible memory leak in configfs_create_dir() (git-fixes). - crypto: acomp - define max size for destination (jsc#PED-3692) - crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) - crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) - crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) - crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) - crypto: qat - abstract PFVF receive logic (jsc#PED-3692) - crypto: qat - abstract PFVF send function (jsc#PED-3692) - crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) - crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) - crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) - crypto: qat - add backlog mechanism (jsc#PED-3692) - crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) - crypto: qat - add check to validate firmware images (jsc#PED-3692) - crypto: qat - add limit to linked list parsing (jsc#PED-3692) - crypto: qat - add misc workqueue (jsc#PED-3692) - crypto: qat - add missing restarting event notification in (jsc#PED-3692) - crypto: qat - add param check for DH (jsc#PED-3692) - crypto: qat - add param check for RSA (jsc#PED-3692) - crypto: qat - add pfvf_ops (jsc#PED-3692) - crypto: qat - add resubmit logic for decompression (jsc#PED-3692) - crypto: qat - add support for 401xx devices (jsc#PED-3692) - crypto: qat - add support for compression for 4xxx (jsc#PED-3692) - crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) - crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) - crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) - crypto: qat - change behaviour of (jsc#PED-3692) - crypto: qat - change bufferlist logic interface (jsc#PED-3692) - crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) - crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) - crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) - crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) - crypto: qat - do not rely on min version (jsc#PED-3692) - crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) - crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) - crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) - crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) - crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) - crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) - crypto: qat - extend buffer list interface (jsc#PED-3692) - crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) - crypto: qat - extract send and wait from (jsc#PED-3692) - crypto: qat - fix DMA transfer direction (jsc#PED-3692) - crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) - crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) - crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) - crypto: qat - fix a typo in a comment (jsc#PED-3692) - crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) - crypto: qat - fix definition of ring reset results (jsc#PED-3692) - crypto: qat - fix error return code in adf_probe (jsc#PED-3692) - crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) - crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) - crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) - crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) - crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) - crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) - crypto: qat - free irq in case of failure (jsc#PED-3692) - crypto: qat - free irqs only if allocated (jsc#PED-3692) - crypto: qat - generalize crypto request buffers (jsc#PED-3692) - crypto: qat - get compression extended capabilities (jsc#PED-3692) - crypto: qat - handle retries due to collisions in (jsc#PED-3692) - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) - crypto: qat - improve logging of PFVF messages (jsc#PED-3692) - crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) - crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) - crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) - crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) - crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) - crypto: qat - make PFVF message construction direction (jsc#PED-3692) - crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) - crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) - crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) - crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) - crypto: qat - move pfvf collision detection values (jsc#PED-3692) - crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) - crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) - crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) - crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) - crypto: qat - re-enable registration of algorithms (jsc#PED-3692) - crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) - crypto: qat - refactor pfvf version request messages (jsc#PED-3692) - crypto: qat - refactor submission logic (jsc#PED-3692) - crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) - crypto: qat - relocate PFVF disabled function (jsc#PED-3692) - crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) - crypto: qat - relocate backlog related structures (jsc#PED-3692) - crypto: qat - relocate bufferlist logic (jsc#PED-3692) - crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) - crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) - crypto: qat - remove empty sriov_configure() (jsc#PED-3692) - crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) - crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) - crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) - crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) - crypto: qat - remove unneeded assignment (jsc#PED-3692) - crypto: qat - remove unneeded braces (jsc#PED-3692) - crypto: qat - remove unneeded packed attribute (jsc#PED-3692) - crypto: qat - remove unused PFVF stubs (jsc#PED-3692) - crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) - crypto: qat - rename bufferlist functions (jsc#PED-3692) - crypto: qat - rename pfvf collision constants (jsc#PED-3692) - crypto: qat - reorganize PFVF code (jsc#PED-3692) - crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) - crypto: qat - replace deprecated MSI API (jsc#PED-3692) - crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) - crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) - crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) - crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) - crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) - crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) - crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) - crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) - crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) - crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) - crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) - crypto: qat - stop using iommu_present() (jsc#PED-3692) - crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) - crypto: qat - store the ring-to-service mapping (jsc#PED-3692) - crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) - crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) - crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) - crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) - crypto: qat - use hweight for bit counting (jsc#PED-3692) - crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) - crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) - crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) - crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). - cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). - debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). - dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). - dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes). - dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). - dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes). - dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). - dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). - dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). - dmaengine: mv_xor_v2: Fix an error code (git-fixes). - dmaengine: pl330: rename _start to prevent build error (git-fixes). - do not reuse connection if share marked as isolated (bsc#1193629). - docs: networking: fix x25-iface.rst heading & index order (git-fixes). - drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes). - drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). - drm/amd/display: Fix hang when skipping modeset (git-fixes). - drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). - drm/amd/display: edp do not add non-edid timings (git-fixes). - drm/amd/display: fix flickering caused by S/G mode (git-fixes). - drm/amd/pm: Fix power context allocation in SMU13 (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes). - drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes). - drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). - drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes). - drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes). - drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). - drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). - drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes). - drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git-fixes). - drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes). - drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes). - drm/ast: Fix ARM compatibility (git-fixes). - drm/displayid: add displayid_get_header() and check bounds better (git-fixes). - drm/exynos: fix g2d_open/close helper function definitions (git-fixes). - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes). - drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). - drm/i915/dg2: Support 4k@30 on HDMI (git-fixes). - drm/i915/dp: prevent potential div-by-zero (git-fixes). - drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes). - drm/i915/selftests: Add some missing error propagation (git-fixes). - drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes). - drm/i915/selftests: Stop using kthread_stop() (git-fixes). - drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes). - drm/i915: Use 18 fast wake AUX sync len (git-fixes). - drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). - drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). - drm/msm/dp: unregister audio driver during unbind (git-fixes). - drm/msm/dpu: Add INTF_5 interrupts (git-fixes). - drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes). - drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). - drm/msm: Be more shouty if per-process pgtables are not working (git-fixes). - drm/msm: Set max segment size earlier (git-fixes). - drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes). - drm/nouveau: add nv_encoder pointer check for NULL (git-fixes). - drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes). - drm/sched: Remove redundant check (git-fixes). - drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). - drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). - drm/ttm: optimize pool allocations a bit v2 (git-fixes). - drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes). - dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). - dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). - dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). - dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes). - dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). - dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). - eeprom: at24: also select REGMAP (git-fixes). - ext4: unconditionally enable the i_version counter (bsc#1211299). - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). - fbcon: Fix null-ptr-deref in soft_cursor (git-fixes). - fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472). - fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). - fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387). - fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes). - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). - fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes). - fbdev: udlfb: Fix endpoint check (git-fixes). - firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). - firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes). - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). - fs/jfs: fix shift exponent db_agl2size negative (git-fixes). - fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes). - fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes). - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes). - fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes). - fuse: always revalidate rename target dentry (bsc#1211808). - fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). - futex: Resend potentially swallowed owner death notification (git-fixes). - google/gve:fix repeated words in comments (bsc#1211519). - gpio: mockup: Fix mode of debugfs files (git-fixes). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (git-fixes). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (git-fixes). - gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). - gve: enhance no queue page list detection (bsc#1211519). - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes). - hfs/hfsplus: use WARN_ON for sanity check (git-fixes). - hfs: Fix OOB Write in hfs_asc2mac (git-fixes). - hfs: fix OOB Read in __hfs_brec_find (git-fixes). - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes). - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes). - i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes). - i2c: omap: Fix standard mode false ACK readings (git-fixes). - i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes). - i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). - i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). - i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). - i40e: Fix DMA mappings leak (jsc#SLE-18378). - i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). - i40e: Fix VF set max MTU size (jsc#SLE-18378). - i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). - i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). - i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). - i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). - i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). - i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). - i40e: Fix for VF MAC address 0 (jsc#SLE-18378). - i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). - i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). - i40e: Fix kernel crash during module removal (jsc#SLE-18378). - i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). - i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). - i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). - i40e: Refactor tc mqprio checks (jsc#SLE-18378). - i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). - i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). - i40e: fix flow director packet filter programming (jsc#SLE-18378). - i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). - i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). - iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). - iavf: Detach device during reset task (jsc#SLE-18385). - iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). - iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). - iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). - iavf: Fix a crash during reset task (jsc#SLE-18385). - iavf: Fix bad page state (jsc#SLE-18385). - iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). - iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). - iavf: Fix max_rate limiting (jsc#SLE-18385). - iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). - iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). - iavf: fix hang on reboot with ice (jsc#SLE-18385). - iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). - iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). - iavf: remove mask from iavf_irq_enable_queues() (git-fixes). - ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). - igb: Add lock to avoid data race (jsc#SLE-18379). - igb: Enable SR-IOV after reinit (jsc#SLE-18379). - igb: Initialize mailbox message for VF reset (jsc#SLE-18379). - igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). - igb: fix bit_shift to be in [1..8] range (git-fixes). - igb: fix nvm.ops.read() error handling (git-fixes). - igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). - igbvf: Regard vf reset nack as success (jsc#SLE-18379). - igc: Add checking for basetime less than zero (jsc#SLE-18377). - igc: Add ndo_tx_timeout support (jsc#SLE-18377). - igc: Clean the TX buffer and TX descriptor ring (git-fixes). - igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). - igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). - igc: Fix possible system crash when loading module (git-fixes). - igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). - igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). - igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). - igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). - igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). - igc: read before write to SRRCTL register (jsc#SLE-18377). - igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). - igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). - iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). - iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). - iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). - iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). - iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). - iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). - iio: imu: inv_icm42600: fix timestamp reset (git-fixes). - iio: light: vcnl4035: fixed chip ID check (git-fixes). - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448). - init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448). - init: Provide arch_cpu_finalize_init() (bsc#1212448). - init: Remove check_bugs() leftovers (bsc#1212448). - intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). - ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). - ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). - ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). - ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). - ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). - ixgbe: fix pci device refcount leak (jsc#SLE-18384). - ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). - jfs: Fix fortify moan in symlink (git-fixes). - kABI workaround for btbcm.c (git-fixes). - kABI workaround for mt76_poll_msec() (git-fixes). - kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) - kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414). - kabi/severities: added Microsoft mana symbold (bsc#1210551) - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base. - kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). - kprobe: reverse kp->flags when arm_kprobe failed (git-fixes). - kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes). - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes). - kprobes: Forbid probing on trampoline and BPF code areas (git-fixes). - kprobes: Prohibit probes in gate area (git-fixes). - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes). - kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes). - kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). - leds: Fix reference to led_set_brightness() in doc (git-fixes). - leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). - leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). - lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852). - lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852). - lpfc: Clean up SLI-4 CQE status handling (bsc#1211852). - lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852). - lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852). - lpfc: Enhance congestion statistics collection (bsc#1211852). - lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346). - lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852). - lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852). - mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes). - mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes). - mailbox: zynqmp: Fix IPI isr handling (git-fixes). - mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). - mce: fix set_mce_nospec to always unmap the whole page (git-fixes). - media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). - media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes). - media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes). - media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes). - media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes). - media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes). - media: dvb_ca_en50221: fix a size write bug (git-fixes). - media: dvb_demux: fix a bug for the continuity counter (git-fixes). - media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes). - media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes). - media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). - media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes). - media: radio-shark: Add endpoint checks (git-fixes). - media: rcar_fdp1: Fix the correct variable assignments (git-fixes). - media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). - mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). - mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). - mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). - misc: fastrpc: reject new invocations during device removal (git-fixes). - misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes). - mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410). - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410). - mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). - mmc: vub300: fix invalid response handling (git-fixes). - mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes). - mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). - mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). - mtd: rawnand: marvell: ensure timing values are written (git-fixes). - net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). - net/net_failover: fix txq exceeding warning (git-fixes). - net/sched: fix initialization order when updating chain 0 head (git-fixes). - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes). - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes). - net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). - net: ena: Account for the number of processed bytes in XDP (git-fixes). - net: ena: Do not register memory info on XDP exchange (git-fixes). - net: ena: Fix rx_copybreak value update (git-fixes). - net: ena: Fix toeplitz initial hash value (git-fixes). - net: ena: Set default value for RX interrupt moderation (git-fixes). - net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes). - net: ena: Use bitmask to indicate packet redirection (git-fixes). - net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes). - net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes). - net: hns3: fix reset delay time to avoid configuration timeout (git-fixes). - net: hns3: fix sending pfc frames after reset issue (git-fixes). - net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes). - net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). - net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). - net: mana: Add support for jumbo frame (bsc#1210551). - net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). - net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). - net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). - net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). - net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). - net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes). - net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). - net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). - net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). - net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). - net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). - net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). - net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). - net: mana: Use napi_build_skb in RX path (bsc#1210551). - net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes). - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). - net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes). - net: qrtr: correct types of trace event parameters (git-fixes). - net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes). - net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). - net: tun: avoid disabling NAPI twice (git-fixes). - net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). - net: tun: stop NAPI when detaching queues (git-fixes). - net: tun: unlink NAPI from device on destruction (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). - net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes). - net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). - nfp: only report pause frame configuration for physical device (git-fixes). - nilfs2: do not write dirty data after degenerating to read-only (git-fixes). - nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes). - nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). - nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes). - nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes). - nouveau: fix client work fence deletion race (git-fixes). - nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes). - nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). - nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes). - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes). - nvme-pci: clear the prp2 field when not used (git-fixes). - nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes). - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). - nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). - nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes). - nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). - nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). - nvme: also return I/O command effects from nvme_command_effects (git-fixes). - nvme: check for duplicate identifiers earlier (git-fixes). - nvme: cleanup __nvme_check_ids (git-fixes). - nvme: fix discard support without oncs (git-fixes). - nvme: fix interpretation of DMRSL (git-fixes). - nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). - nvme: fix passthrough csi check (git-fixes). - nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). - nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). - nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). - nvme: set non-mdts limits in nvme_scan_work (git-fixes). - nvmet-tcp: add bounds check on Transfer Tag (git-fixes). - nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). - nvmet: fix mar and mor off-by-one errors (git-fixes). - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). - nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). - nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes). - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes). - octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes). - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes). - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes). - phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). - phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). - pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes). - pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes). - pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). - platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes). - platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes). - platform/x86: hp-wmi: Support touchpad on/off (git-fixes). - platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes). - platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes). - platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). - power: supply: Fix logic checking if system is running from battery (git-fixes). - power: supply: Ratelimit no data debug output (git-fixes). - power: supply: ab8500: Fix external_power_changed race (git-fixes). - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). - power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). - power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). - power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). - power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes). - power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes). - power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). - power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes). - power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). - power: supply: leds: Fix blink to LED on transition (git-fixes). - power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). - power: supply: sc27xx: Fix external_power_changed race (git-fixes). - powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729). - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662). - powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). - powerpc/purgatory: remove PGO flags (bsc#1194869). - powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). - powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). - powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662). - pstore: Revert pmsg_lock back to a normal mutex (git-fixes). - purgatory: fix disabling debug info (git-fixes). - pwm: meson: Fix axg ao mux parents (git-fixes). - pwm: meson: Fix g12a ao clk81 name (git-fixes). - qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). - qed/qede: Fix scheduling while atomic (git-fixes). - qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). - qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). - r8152: fix flow control issue of RTL8156A (git-fixes). - r8152: fix the poor throughput for 2.5G devices (git-fixes). - r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). - rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes). - regmap: Account for register length when chunking (git-fixes). - regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes). - regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes). - regulator: Fix error checking for debugfs_create_dir (git-fixes). - regulator: mt6359: add read check for PMIC MT6359 (git-fixes). - regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). - regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes). - reiserfs: Add missing calls to reiserfs_security_free() (git-fixes). - reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes). - remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). - revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" (git-fixes). - ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). - ring-buffer: Fix kernel-doc (git-fixes). - ring-buffer: Sync IRQ works before buffer destruction (git-fixes). - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches - rtmutex: Ensure that the top waiter is always woken up (git-fixes). - s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). - s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592). - s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). - s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). - s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688). - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). - s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). - s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). - s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). - s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). - s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). - s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). - s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). - scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes). - scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). - scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). - scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). - scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes). - scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). - scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). - scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). - scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). - scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). - scsi: lpfc: Update congestion warning notification period (bsc#1211847). - scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). - scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). - scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). - scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). - scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). - scsi: qla2xxx: Fix hang in task management (bsc#1211960). - scsi: qla2xxx: Fix mem access after free (bsc#1211960). - scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). - scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). - scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). - scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). - scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). - scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). - scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). - scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes). - scsi: stex: Fix gcc 13 warnings (git-fixes). - scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). - selftests mount: Fix mount_setattr_test builds failed (git-fixes). - selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes). - selftests/resctrl: Allow ->setup() to return errors (git-fixes). - selftests/resctrl: Check for return value after write_schemata() (git-fixes). - selftests/resctrl: Extend CPU vendor detection (git-fixes). - selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). - selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). - selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). - selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). - selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). - selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). - selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). - selftests: xsk: Disable IPv6 on VETH1 (git-fixes). - selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). - selinux: do not use make's grouped targets feature yet (git-fixes). - serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). - serial: 8250_bcm7271: balance clk_enable calls (git-fixes). - serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). - serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). - serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes). - serial: Add support for Advantech PCI-1611U card (git-fixes). - serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). - serial: lantiq: add missing interrupt ack (git-fixes). - serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). - serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). - sfc: Change VF mac via PF as first preference if available (git-fixes). - sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). - sfc: Fix use-after-free due to selftest_work (git-fixes). - sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). - sfc: disable RXFCS and RXALL features by default (git-fixes). - sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). - sfc: fix TX channel offset when using legacy interrupts (git-fixes). - sfc: fix considering that all channels have TX queues (git-fixes). - sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). - sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). - sfc: include vport_id in filter spec hash and equal() (git-fixes). - smb3: display debug information better for encryption (bsc#1193629). - smb3: fix problem remounting a share after shutdown (bsc#1193629). - smb3: improve parallel reads of large files (bsc#1193629). - smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). - smb3: move some common open context structs to smbfs_common (bsc#1193629). - soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). - soundwire: qcom: gracefully handle too many ports in DT (git-fixes). - spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes). - spi: qup: Request DMA before enabling clocks (git-fixes). - spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). - spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - spi: tegra210-quad: Fix combined sequence (bsc#1212584) - spi: tegra210-quad: Fix iterator outside loop (git-fixes). - spi: tegra210-quad: Multi-cs support (bsc#1212584) - squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes). - staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). - struct ci_hdrc: hide new member at end (git-fixes). - supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931) - supported.conf: mark mana_ib supported - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). - test_firmware: Use kstrtobool() instead of strtobool() (git-fixes). - test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes). - test_firmware: prevent race conditions by a correct implementation of locking (git-fixes). - thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). - thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). - thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes). - tls: Skip tls_append_frag on zero copy size (git-fixes). - tools/virtio: compile with -pthread (git-fixes). - tools/virtio: fix the vringh test for virtio ring changes (git-fixes). - tools/virtio: fix virtio_test execution (git-fixes). - tools/virtio: initialize spinlocks in vring_test.c (git-fixes). - tools: bpftool: Remove invalid \' json escape (git-fixes). - tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes). - tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). - tpm, tpm_tis: Request threaded interrupt handler (git-fixes). - tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). - tracing/histograms: Allow variables to have some modifiers (git-fixes). - tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes). - tracing: Fix permissions for the buffer_percent file (git-fixes). - tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350). - tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes). - tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350). - tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). - usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes). - usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes). - usb: chipidea: core: fix possible concurrent when switch role (git-fixes). - usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). - usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). - usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). - usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). - usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). - usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). - usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes). - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). - usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). - usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes). - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes). - usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes). - usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). - usb: gadget: u_ether: Fix host MAC address case (git-fixes). - usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). - usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). - usb: typec: tcpm: fix multiple times discover svids error (git-fixes). - usb: typec: ucsi: Fix command cancellation (git-fixes). - usb: usbfs: Enforce page requirements for mmap (git-fixes). - usb: usbfs: Use consistent mmap functions (git-fixes). - usrmerge: Compatibility with earlier rpm (boo#1211796) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). - vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). - vhost/net: Clear the pending messages when the backend is removed (git-fixes). - virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). - virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). - virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). - virtio_net: split free_unused_bufs() (git-fixes). - virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). - watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes). - watchdog: menz069_wdt: fix watchdog initialisation (git-fixes). - watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). - wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). - wifi: ath: Silence memcpy run-time false positive warning (git-fixes). - wifi: b43: fix incorrect __packed annotation (git-fixes). - wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). - wifi: cfg80211: fix locking in regulatory disconnect (git-fixes). - wifi: cfg80211: fix locking in sched scan stop work (git-fixes). - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). - wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). - wifi: iwlwifi: fw: fix DBGI dump (git-fixes). - wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes). - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). - wifi: mac80211: fix min center freq offset tracing (git-fixes). - wifi: mac80211: simplify chanctx allocation (git-fixes). - wifi: mt76: add flexible polling wait-interval support (git-fixes). - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes). - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes). - wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). - wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). - wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes). - workqueue: Fix hung time report of worker pools (bsc#1211044). - workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). - workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). - workqueue: Warn when a new worker could not be created (bsc#1211044). - workqueue: Warn when a rescuer could not be created (bsc#1211044). - x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). - x86/MCE/AMD: Use an u64 for bank_map (git-fixes). - x86/alternative: Make debug-alternative selective (bsc#1206578). - x86/alternative: Report missing return thunk details (git-fixes). - x86/alternative: Support relocations in alternatives (bsc#1206578). - x86/amd: Use IBPB for firmware calls (git-fixes). - x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). - x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). - x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). - x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448). - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). - x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). - x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). - x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes). - x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes). - x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). - x86/fpu: Mark init functions __init (bsc#1212448). - x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448). - x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448). - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). - x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes). - x86/init: Initialize signal frame size late (bsc#1212448). - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes). - x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). - x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch - x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes). - x86/microcode/AMD: Fix mixed steppings support (git-fixes). - x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). - x86/microcode: Add explicit CPU vendor dependency (git-fixes). - x86/microcode: Adjust late loading result reporting message (git-fixes). - x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). - x86/microcode: Rip out the OLD_INTERFACE (git-fixes). - x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). - x86/mm: Use proper mask when setting PUD mapping (git-fixes). - x86/mm: fix poking_init() for Xen PV guests (git-fixes). - x86/nospec: Unwreck the RSB stuffing (git-fixes). - x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). - x86/pat: Fix x86_has_pat_wp() (git-fixes). - x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes). - x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). - x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). - x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). - x86/signal: Fix the value returned by strict_sas_size() (git-fixes). - x86/speculation/mmio: Print SMT warning (git-fixes). - x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes). - x86/static_call: Serialize __static_call_fixup() properly (git-fixes). - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - x86/topology: Fix duplicated core ID within a package (git-fixes). - x86/topology: Fix multiple packages shown on a single-package system (git-fixes). - x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). - x86: Fix return value of __setup handlers (git-fixes). - x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). - xen/netback: do not do grant copy across page boundary (git-fixes). - xen/netback: use same error messages for same errors (git-fixes). - xfs: fix rm_offset flag handling in rmap keys (git-fixes). - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes). - xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). - xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). kernel-rt-5.14.21-150400.15.37.2.nosrc.rpm True kernel-rt-5.14.21-150400.15.37.2.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2632 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suseconnect-ng fixes the following issues: - Update to version 1.1.0~git2.f42b4b2a060e: - Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.src.rpm suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.x86_64.rpm suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.s390x.rpm suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2604 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). libvmtools0-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-12.2.0-150300.29.1.src.rpm open-vm-tools-12.2.0-150300.29.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2614 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). libX11-1.6.5-150000.3.30.1.src.rpm libX11-6-1.6.5-150000.3.30.1.x86_64.rpm libX11-data-1.6.5-150000.3.30.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.30.1.x86_64.rpm libX11-6-1.6.5-150000.3.30.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.30.1.s390x.rpm libX11-6-1.6.5-150000.3.30.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.30.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2616 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). cups-2.2.7-150000.3.46.1.src.rpm cups-config-2.2.7-150000.3.46.1.x86_64.rpm libcups2-2.2.7-150000.3.46.1.x86_64.rpm cups-config-2.2.7-150000.3.46.1.s390x.rpm libcups2-2.2.7-150000.3.46.1.s390x.rpm cups-config-2.2.7-150000.3.46.1.aarch64.rpm libcups2-2.2.7-150000.3.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2605 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). bluez-5.62-150400.4.13.1.src.rpm libbluetooth3-5.62-150400.4.13.1.x86_64.rpm libbluetooth3-5.62-150400.4.13.1.s390x.rpm libbluetooth3-5.62-150400.4.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2527 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for NetworkManager fixes the following issues: - Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in - Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package - Ensure /usr/lib/NetworkManager/conf.d is part of the package NetworkManager-1.38.2-150400.3.3.1.src.rpm NetworkManager-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-bluetooth-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-cloud-setup-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-pppoe-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-tui-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-wwan-1.38.2-150400.3.3.1.x86_64.rpm libnm0-1.38.2-150400.3.3.1.x86_64.rpm typelib-1_0-NM-1_0-1.38.2-150400.3.3.1.x86_64.rpm NetworkManager-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-bluetooth-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-cloud-setup-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-pppoe-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-tui-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-wwan-1.38.2-150400.3.3.1.s390x.rpm libnm0-1.38.2-150400.3.3.1.s390x.rpm typelib-1_0-NM-1_0-1.38.2-150400.3.3.1.s390x.rpm NetworkManager-1.38.2-150400.3.3.1.aarch64.rpm NetworkManager-bluetooth-1.38.2-150400.3.3.1.aarch64.rpm NetworkManager-cloud-setup-1.38.2-150400.3.3.1.aarch64.rpm NetworkManager-pppoe-1.38.2-150400.3.3.1.aarch64.rpm NetworkManager-tui-1.38.2-150400.3.3.1.aarch64.rpm NetworkManager-wwan-1.38.2-150400.3.3.1.aarch64.rpm libnm0-1.38.2-150400.3.3.1.aarch64.rpm typelib-1_0-NM-1_0-1.38.2-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2550 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) libsolv-0.7.24-150400.3.8.1.src.rpm True libsolv-tools-0.7.24-150400.3.8.1.x86_64.rpm True libzck1-1.1.16-150400.3.4.1.x86_64.rpm True libzypp-17.31.13-150400.3.32.1.src.rpm True libzypp-17.31.13-150400.3.32.1.x86_64.rpm True zchunk-1.1.16-150400.3.4.1.src.rpm True libsolv-tools-0.7.24-150400.3.8.1.s390x.rpm True libzck1-1.1.16-150400.3.4.1.s390x.rpm True libzypp-17.31.13-150400.3.32.1.s390x.rpm True libsolv-tools-0.7.24-150400.3.8.1.aarch64.rpm True libzck1-1.1.16-150400.3.4.1.aarch64.rpm True libzypp-17.31.13-150400.3.32.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2556 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for microos-tools fixes the following issues: - Update to version 2.18 - Add TMPDIR to tukit binddirs for Salt (bsc#1211356, bsc#1205011) - 98selinux-microos: Add chroot as dependency - Fix spelling error in warning microos-tools-2.18-150400.3.3.1.src.rpm microos-tools-2.18-150400.3.3.1.x86_64.rpm microos-tools-2.18-150400.3.3.1.s390x.rpm microos-tools-2.18-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2645 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for snapper fixes the following issues: - improved responsiveness of snapperd when a btrfs quota rescan is running (see bsc#1211459) libsnapper5-0.8.16-150300.3.6.1.x86_64.rpm snapper-0.8.16-150300.3.6.1.src.rpm snapper-0.8.16-150300.3.6.1.x86_64.rpm libsnapper5-0.8.16-150300.3.6.1.s390x.rpm snapper-0.8.16-150300.3.6.1.s390x.rpm libsnapper5-0.8.16-150300.3.6.1.aarch64.rpm snapper-0.8.16-150300.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2772 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) libzypp-17.31.14-150400.3.35.1.src.rpm True libzypp-17.31.14-150400.3.35.1.x86_64.rpm True zypper-1.14.61-150400.3.24.1.src.rpm True zypper-1.14.61-150400.3.24.1.x86_64.rpm True zypper-needs-restarting-1.14.61-150400.3.24.1.noarch.rpm True libzypp-17.31.14-150400.3.35.1.s390x.rpm True zypper-1.14.61-150400.3.24.1.s390x.rpm True libzypp-17.31.14-150400.3.35.1.aarch64.rpm True zypper-1.14.61-150400.3.24.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2767 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dracut fixes the following issues: - Update to version 055+suse.344.g3d5cd8fb - Continue parsing if ldd prints "cannot execute binary file" (bsc#1212662) dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.src.rpm dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1.x86_64.rpm dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.s390x.rpm dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1.s390x.rpm dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1.s390x.rpm dracut-055+suse.344.g3d5cd8fb-150400.3.25.1.aarch64.rpm dracut-fips-055+suse.344.g3d5cd8fb-150400.3.25.1.aarch64.rpm dracut-mkinitrd-deprecated-055+suse.344.g3d5cd8fb-150400.3.25.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2765 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). libcap-2.63-150400.3.3.1.src.rpm libcap2-2.63-150400.3.3.1.x86_64.rpm libcap2-2.63-150400.3.3.1.s390x.rpm libcap2-2.63-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2800 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] libopenssl-1_1-devel-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.45.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.45.1.src.rpm openssl-1_1-1.1.1l-150400.7.45.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150400.7.45.1.s390x.rpm libopenssl1_1-1.1.1l-150400.7.45.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150400.7.45.1.s390x.rpm openssl-1_1-1.1.1l-150400.7.45.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150400.7.45.1.aarch64.rpm libopenssl1_1-1.1.1l-150400.7.45.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.45.1.aarch64.rpm openssl-1_1-1.1.1l-150400.7.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2788 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.35 * fixes for building with clang * use the number of online processors for the PR_GetNumberOfProcessors() API on some platforms * fix build on mips+musl libc * Add support for the LoongArch 64-bit architecture mozilla-nss was update to NSS 3.90: * clang-format lib/freebl/stubs.c * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. mozilla-nspr-4.35-150000.3.29.1.src.rpm mozilla-nspr-4.35-150000.3.29.1.x86_64.rpm mozilla-nspr-4.35-150000.3.29.1.s390x.rpm mozilla-nspr-4.35-150000.3.29.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2803 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605). The following non-security bugs were fixed: - Get module prefix from kmod (bsc#1212835). - Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes). - Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes). - alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes). - alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes). - alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes). - alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes). - amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes). - arm64: Add missing Set/Way CMO encodings (git-fixes). - arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes) - arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes) - arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes). - asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes). - asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes). - asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes). - asoc: mediatek: mt8173: Fix irq error path (git-fixes). - asoc: nau8824: Add quirk to active-high jack-detect (git-fixes). - asoc: simple-card: Add missing of_node_put() in case of error (git-fixes). - bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes). - bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes). - can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes). - can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes). - can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes). - can: length: fix bitstuffing count (git-fixes). - can: length: fix description of the RRS field (git-fixes). - can: length: make header self contained (git-fixes). - clk: Fix memory leak in devm_clk_notifier_register() (git-fixes). - clk: cdce925: check return value of kasprintf() (git-fixes). - clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes). - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes). - clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes). - clk: keystone: sci-clk: check return value of kasprintf() (git-fixes). - clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes). - clk: si5341: check return value of {devm_}kasprintf() (git-fixes). - clk: si5341: free unused memory on probe failure (git-fixes). - clk: si5341: return error if one synth clock registration fails (git-fixes). - clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes). - clk: ti: clkctrl: check return value of kasprintf() (git-fixes). - clk: vc5: check memory returned by kasprintf() (git-fixes). - clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes). - crypto: marvell/cesa - Fix type mismatch warning (git-fixes). - crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes). - drivers: meson: secure-pwrc: always enable DMA domain (git-fixes). - drm/amd/display: Add logging for display MALL refresh setting (git-fixes). - drm/amd/display: Add minimal pipe split transition state (git-fixes). - drm/amd/display: Add wrapper to call planes and stream update (git-fixes). - drm/amd/display: Explicitly specify update type per plane info change (git-fixes). - drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes). - drm/amd/display: Use dc_update_planes_and_stream (git-fixes). - drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes). - drm/amd/display: fix the system hang while disable PSR (git-fixes). - drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes). - drm/bridge: tc358768: always enable HS video mode (git-fixes). - drm/bridge: tc358768: fix PLL parameters computation (git-fixes). - drm/bridge: tc358768: fix PLL target frequency (git-fixes). - drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes). - drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes). - drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes). - drm/exynos: vidi: fix a wrong error return (git-fixes). - drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes). - drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes). - drm/msm/dp: Free resources after unregistering them (git-fixes). - drm/msm/dpu: correct MERGE_3D length (git-fixes). - drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes). - drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes). - drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes). - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes). - drm/radeon: fix possible division-by-zero errors (git-fixes). - drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes). - drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes). - drm/vram-helper: fix function names in vram helper doc (git-fixes). - drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes). - elf: correct note name comment (git-fixes). - extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes). - extcon: Fix kernel doc of property fields to avoid warnings (git-fixes). - extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes). - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes). - extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes). - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes). - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes). - firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes). - hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes). - hid: wacom: Add error check to wacom_parse_and_register() (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes). - hwrng: imx-rngc - fix the timeout for init and self check (git-fixes). - hwrng: st - keep clock enabled while hwrng is registered (git-fixes). - i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes). - i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes). - ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes) - ib/isert: Fix dead lock in ib_isert (git-fixes) - ib/isert: Fix incorrect release of isert connection (git-fixes) - ib/isert: Fix possible list corruption in CMA handler (git-fixes) - ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes) - ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604). - ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes). - ice: Do not double unplug aux on peer initiated reset (git-fixes). - ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes). - ice: Fix DSCP PFC TLV creation (git-fixes). - ice: Fix XDP memory leak when NIC is brought up and down (git-fixes). - ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes). - ice: Fix memory corruption in VF driver (git-fixes). - ice: Ignore EEXIST when setting promisc mode (git-fixes). - ice: Prevent set_channel from changing queues while RDMA active (git-fixes). - ice: Reset FDIR counter in FDIR init stage (git-fixes). - ice: add profile conflict check for AVF FDIR (git-fixes). - ice: block LAN in case of VF to VF offload (git-fixes). - ice: config netdev tc before setting queues number (git-fixes). - ice: copy last block omitted in ice_get_module_eeprom() (git-fixes). - ice: ethtool: Prohibit improper channel config for DCB (git-fixes). - ice: ethtool: advertise 1000M speeds properly (git-fixes). - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes). - ice: fix wrong fallback logic for FDIR (git-fixes). - ice: handle E822 generic device ID in PLDM header (git-fixes). - ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes). - ice: use bitmap_free instead of devm_kfree (git-fixes). - ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes). - ieee802154: hwsim: Fix possible memory leaks (git-fixes). - ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253). - iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes). - iio: accel: fxls8962af: fixup buffer scan element type (git-fixes). - iio: adc: ad7192: Fix internal/external clock selection (git-fixes). - iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes). - input: adxl34x - do not hardcode interrupt trigger type (git-fixes). - input: drv260x - fix typo in register value define (git-fixes). - input: drv260x - remove unused .reg_defaults (git-fixes). - input: drv260x - sleep between polling GO bit (git-fixes). - input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes). - integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes). - irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes). - irqchip/ftintc010: Mark all function static (git-fixes). - irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes). - kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741). - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes). - media: cec: core: do not set last_initiator if tx in progress (git-fixes). - memory: brcmstb_dpfe: fix testing array offset after use (git-fixes). - meson saradc: fix clock divider mask length (git-fixes). - mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes). - mfd: pm8008: Fix module autoloading (git-fixes). - mfd: rt5033: Drop rt5033-battery sub-device (git-fixes). - mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes). - mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes). - mfd: stmpe: Only disable the regulators if they are enabled (git-fixes). - misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes). - misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes). - misc: pci_endpoint_test: Re-init completion for every test (git-fixes). - mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253). - mmc: bcm2835: fix deferred probing (git-fixes). - mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes). - mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes). - mmc: mmci: stm32: fix max busy timeout calculation (git-fixes). - mmc: mtk-sd: fix deferred probing (git-fixes). - mmc: mvsdio: fix deferred probing (git-fixes). - mmc: omap: fix deferred probing (git-fixes). - mmc: omap_hsmmc: fix deferred probing (git-fixes). - mmc: owl: fix deferred probing (git-fixes). - mmc: sdhci-acpi: fix deferred probing (git-fixes). - mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes). - mmc: sdhci-spear: fix deferred probing (git-fixes). - mmc: sh_mmcif: fix deferred probing (git-fixes). - mmc: sunxi: fix deferred probing (git-fixes). - mmc: usdhi60rol0: fix deferred probing (git-fixes). - mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes). - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253). - net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253). - net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253). - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253). - net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253). - net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253). - net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253). - net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253). - net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253). - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253). - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253). - net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253). - net/mlx5: Do not use already freed action pointer (jsc#SLE-19253). - net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253). - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253). - net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253). - net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253). - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253). - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253). - net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253). - net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253). - net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253). - net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253). - net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253). - net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253). - net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253). - net/mlx5: Fix steering rules cleanup (jsc#SLE-19253). - net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253). - net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253). - net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253). - net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253). - net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253). - net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253). - net/mlx5: SF, Drain health before removing device (jsc#SLE-19253). - net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253). - net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253). - net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253). - net/mlx5: add IFC bits for bypassing port select flow table (git-fixes) - net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253). - net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253). - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253). - net/mlx5: fs, fail conflicting actions (jsc#SLE-19253). - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253). - net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253). - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253). - net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253). - net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253). - net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253). - net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253). - net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253). - net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253). - net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253). - net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253). - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253). - net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253). - net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253). - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253). - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253). - net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253). - net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253). - net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253). - net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253). - net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253). - net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253). - net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253). - net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253). - net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253). - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253). - net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253). - net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253). - net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253). - net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253). - net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253). - nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes). - nilfs2: fix buffer corruption due to concurrent device reads (git-fixes). - nvme-core: fix dev_pm_qos memleak (git-fixes). - nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes). - nvme-core: fix memory leak in dhchap_secret_store (git-fixes). - nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes). - nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes). - ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes). - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes). - ocfs2: fix non-auto defrag path not working issue (git-fixes). - pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes). - pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes). - pci: Release resource invalidated by coalescing (git-fixes). - pci: cadence: Fix Gen2 Link Retraining process (git-fixes). - pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes). - pci: ftpci100: Release the clock resources (git-fixes). - pci: pciehp: Cancel bringup sequence if card is not present (git-fixes). - pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes). - pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes). - pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes). - pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes). - pci: rockchip: Set address alignment for endpoint mode (git-fixes). - pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes). - pci: rockchip: Write PCI Device ID to correct register (git-fixes). - pci: vmd: Reset VMD config register between soft reboots (git-fixes). - pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes). - pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes). - pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes). - platform/x86: think-lmi: Correct NVME password handling (git-fixes). - platform/x86: think-lmi: Correct System password interface (git-fixes). - platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes). - platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes). - pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes). - powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869). - powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701). - powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869). - pstore/ram: Add check for kstrdup (git-fixes). - radeon: avoid double free in ci_dpm_init() (git-fixes). - rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes) - rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes) - rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes) - rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes) - rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes) - rdma/bnxt_re: Remove unnecessary checks (git-fixes) - rdma/bnxt_re: Return directly without goto jumps (git-fixes) - rdma/bnxt_re: Use unique names while registering interrupts (git-fixes) - rdma/bnxt_re: wraparound mbox producer index (git-fixes) - rdma/cma: Always set static rate to 0 for RoCE (git-fixes) - rdma/hns: Fix hns_roce_table_get return value (git-fixes) - rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes) - rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes) - rdma/mlx5: Fix affinity assignment (git-fixes) - rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes) - rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253). - rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes) - rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes) - rdma/rxe: Fix packet length checks (git-fixes) - rdma/rxe: Fix ref count error in check_rkey() (git-fixes) - rdma/rxe: Fix rxe_cq_post (git-fixes) - rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes) - rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes) - rdma/rxe: Remove the unused variable obj (git-fixes) - rdma/rxe: Removed unused name from rxe_task struct (git-fixes) - rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes) - rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes) - regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes). - regulator: core: Streamline debugfs operations (git-fixes). - regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes). - rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE. - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes). - s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892). - s390/pkey: zeroize key blobs (git-fixes bsc#1212619). - serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes). - serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes). - serial: 8250: omap: Fix freeing of resources on failed register (git-fixes). - serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes). - serial: atmel: do not enable IRQs prematurely (git-fixes). - signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861). - soc/fsl/qe: fix usb.c build errors (git-fixes). - soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes). - soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes). - spi: dw: Round of n_bytes to power of 2 (git-fixes). - spi: lpspi: disable lpspi module irq in DMA mode (git-fixes). - spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes). - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes). - thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes). - tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes). - tty: serial: imx: fix rs485 rx after tx (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes). - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes). - usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes). - usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes). - usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes). - usb: dwc3: qcom: Fix potential memory leak (git-fixes). - usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes). - usb: gadget: udc: fix NULL dereference in remove() (git-fixes). - usb: hide unused usbfs_notify_suspend/resume functions (git-fixes). - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes). - usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes). - usrmerge: Adjust module path in the kernel sources (bsc#1212835). - vdpa/mlx5: Directly assign memory key (jsc#SLE-19253). - vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253). - vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253). - vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253). - vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253). - w1: fix loop in w1_fini() (git-fixes). - w1: w1_therm: fix locking behavior in convert_t (git-fixes). - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes). - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: convert msecs to jiffies where needed (git-fixes). - wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes). - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes). - wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes). - wifi: cfg80211: rewrite merging of inherited elements (git-fixes). - wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes). - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes). - wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes). - wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes). - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes). - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes). - wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes). - wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes). - wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes). - writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes). - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes). - x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes). - x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes). - x86/sgx: Fix race between reclaimer and page fault handler (git-fixes). - x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes). - x86/xen: fix secondary processor fpu initialization (bsc#1212869). kernel-rt-5.14.21-150400.15.40.1.nosrc.rpm True kernel-rt-5.14.21-150400.15.40.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2814 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.90: * Add a constant time select function * Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * output early build errors by default * Update the technical constraints for KamuSM * Add BJCA Global Root CA1 and CA2 root certificates * Enable default UBSan Checks * Add explicit handling of zero length records * Tidy up DTLS ACK Error Handling Path * Refactor zero length record tests * Fix compiler warning via correct assert * run linux tests on nss-t/t-linux-xlarge-gcp * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * Fix reading raw negative numbers * Repairing unreachable code in clang built with gyp * Integrate Vale Curve25519 * Removing unused flags for Hacl* * Adding a better error message * Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * Fall back to the softokn when writing certificate trust * FIPS-104-3 requires we restart post programmatically * cmd/ecperf: fix dangling pointer warning on gcc 13 * Update ACVP dockerfile for compatibility with debian package changes * Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files * Removed deprecated sprintf function and replaced with snprintf * fix rst warnings in nss doc * Fix incorrect pygment style * Change GYP directive to apply across platforms * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag - Merge the libfreebl3-hmac and libsoftokn3-hmac packages into the respective libraries. (bsc#1185116) update to NSS 3.89.1 * Update the technical constraints for KamuSM. * Add BJCA Global Root CA1 and CA2 root certificates. update to NSS 3.89 * revert freebl/softoken RSA_MIN_MODULUS_BITS increase * PR_STATIC_ASSERT is cursed * Need to add policy control to keys lengths for signatures * Fix unreachable code warning in fuzz builds * Fix various compiler warnings in NSS * Enable various compiler warnings for clang builds * set PORT error after sftk_HMACCmp failure * Need to add policy control to keys lengths for signatures * remove data length assertion in sec_PKCS7Decrypt * Make high tag number assertion failure an error * CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384 * Tolerate certificate_authorities xtn in ClientHello * Fix build failure on Windows * migrate Win 2012 tasks to Azure * fix title length in doc * Add interop tests for HRR and PSK to GREASE suite * Add presence/absence tests for TLS GREASE * Correct addition of GREASE value to ALPN xtn * CH extension permutation * TLS GREASE (RFC8701) * improve handling of unknown PKCS#12 safe bag types * use a different treeherder symbol for each docker image build task * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag * build failure while implicitly casting SECStatus to PRUInt32 update to NSS 3.88.1 * improve handling of unknown PKCS#12 safe bag types update to NSS 3.88 * remove nested table in rst doc * Export NSS_CMSSignerInfo_GetDigestAlgTag. * build failure while implicitly casting SECStatus to PRUInt32 * Add check for ClientHello SID max length * Added EarlyData ALPN test support to BoGo shim * ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * Added Bogo ECH rejection test support * Added ECH 0Rtt support to BoGo shim * RSA OAEP Wycheproof JSON * RSA decrypt Wycheproof JSON * ECDSA Wycheproof JSON * ECDH Wycheproof JSON * PKCS#1v1.5 wycheproof json * Use X25519 wycheproof json * Move scripts to python3 * Properly link FuzzingEngine for oss-fuzz. * Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * NSS needs to move off of DSA for integrity checks * Add initial testing with ACVP vector sets using acvp-rust * Don't clone libFuzzer, rely on clang instead update to NSS 3.87 * NULL password encoding incorrect * Fix rng stub signature for fuzzing builds * Updating the compiler parsing for build * Modification of supported compilers * tstclnt crashes when accessing gnutls server without a user cert in the database. * Add configuration option to enable source-based coverage sanitizer * Update ECCKiila generated files. * Add support for the LoongArch 64-bit architecture * add checks for zero-length RSA modulus to avoid memory errors and failed assertions later * Additional zero-length RSA modulus checks update to NSS 3.86 * conscious language removal in NSS * Set nssckbi version number to 2.60 * Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * Remove Staat der Nederlanden EV Root CA from NSS * Remove EC-ACC root cert from NSS * Remove SwissSign Platinum CA - G2 from NSS * Remove Network Solutions Certificate Authority * compress docker image artifact with zstd * Migrate nss from AWS to GCP * Enable static builds in the CI * Removing SAW docker from the NSS build system * Initialising variables in the rsa blinding code * Implementation of the double-signing of the message for ECDSA * Adding exponent blinding for RSA. update to NSS 3.85 * Modification of the primes.c and dhe-params.c in order to have better looking tables * Update zlib in NSS to 1.2.13 * Skip building modutil and shlibsign when building in Firefox * Use __STDC_VERSION__ rather than __STDC__ as a guard * Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. update to NSS 3.84 * Bump minimum NSPR version to 4.35 * Add a flag to disable building libnssckbi. update to NSS 3.83 * Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags * Set nssckbi version number to 2.58 * Add two SECOM root certificates to NSS * Add two DigitalSign root certificates to NSS * Remove Camerfirma Global Chambersign Root from NSS * Added bug reference and description to disabled UnsolicitedServerNameAck bogo ECH test * Removed skipping of ECH on equality of private and public server name * Added comment and bug reference to ECHRandomHRRExtension bogo test * Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR * Added check for server only sending ECH extension with retry configs in EncryptedExtensions and if not accepting ECH. Changed config setting behavior to skip configs with unsupported mandatory extensions instead of failing * Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo * Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmation bugs * Update BoGo tests to recent BoringSSL version * Bump minimum NSPR version to 4.34.1 update to NSS 3.82 * check for null template in sec_asn1{d,e}_push_state * QuickDER: Forbid NULL tags with non-zero length * Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite * Cast the result of GetProcAddress * pk11wrap: Tighten certificate lookup based on PKCS #11 URI. update to NSS 3.81 * Enable aarch64 hardware crypto support on OpenBSD * make NSS_SecureMemcmp 0/1 valued * Add no_application_protocol alert handler and test client error code is set * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity * required for Firefox 104 - raised NSPR requirement to 4.34.1 - changing some Requires from (pre) to generic as (pre) is not sufficient (bsc#1202118) update to NSS 3.80 * Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * Add support for asynchronous client auth hooks. * nss-policy-check: make unknown keyword check optional. * GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * Mark 3.79 as an ESR release. * Bump nssckbi version number for June. * Remove Hellenic Academic 2011 Root. * Add E-Tugra Roots. * Add Certainly Roots. * Add DigitCert Roots. * Protect SFTKSlot needLogin with slotLock. * Compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_VerifyCertChainOld. * Unchecked return code in sec_DecodeSigAlg. * Uninitialized value in cert_ComputeCertType. * Avoid data race on primary password change. * Replace ppc64 dcbzl intrinisic. * Allow LDFLAGS override in makefile builds. libfreebl3-3.90-150400.3.32.1.x86_64.rpm libsoftokn3-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-3.90-150400.3.32.1.src.rpm mozilla-nss-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-certs-3.90-150400.3.32.1.x86_64.rpm mozilla-nss-tools-3.90-150400.3.32.1.x86_64.rpm libfreebl3-3.90-150400.3.32.1.s390x.rpm libsoftokn3-3.90-150400.3.32.1.s390x.rpm mozilla-nss-3.90-150400.3.32.1.s390x.rpm mozilla-nss-certs-3.90-150400.3.32.1.s390x.rpm mozilla-nss-tools-3.90-150400.3.32.1.s390x.rpm libfreebl3-3.90-150400.3.32.1.aarch64.rpm libsoftokn3-3.90-150400.3.32.1.aarch64.rpm mozilla-nss-3.90-150400.3.32.1.aarch64.rpm mozilla-nss-certs-3.90-150400.3.32.1.aarch64.rpm mozilla-nss-tools-3.90-150400.3.32.1.aarch64.rpm