openSUSE-Leap-Micro-5.4-2023-1913 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libslirp and slirp4netns fixes the following issues: libslirp was updated to version 4.7.0+44 (current git master): * Fix vmstate regression * Align outgoing packets * Bump incoming packet alignment to 8 bytes * vmstate: only enable when building under GNU C * ncsitest: Fix build with msvc * Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END * ncsi: Add Mellanox Get Mac Address handler * slirp: Add out-of-band ethernet address * ncsi: Add OEM command handler * ncsi: Add basic test for Get Version ID response * ncsi: Use response header for payload length * ncsi: Pass command header to response handlers * ncsi: Add Get Version ID command * ncsi: Pass Slirp structure to response handlers * slirp: Add manufacturer's ID Release v4.7.0 * slirp: invoke client callback before creating timers * pingtest: port to timer_new_opaque * introduce timer_new_opaque callback * introduce slirp_timer_new wrapper * icmp6: make ndp_send_ra static * socket: Handle ECONNABORTED from recv * bootp: fix g_str_has_prefix warning/critical * slirp: Don't duplicate packet in tcp_reass * Rename insque/remque -> slirp_[ins|rem]que * mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG * Replace inet_ntoa() with safer inet_ntop() * Add VMS_END marker * bootp: add support for UEFI HTTP boot * IPv6 DNS proxying support * Add missing scope_id in caching * socket: Move closesocket(so->s_aux) to sofree * socket: Check so_type instead of so_tcpcb for Unix-to-inet translation * socket: Add s_aux field to struct socket for storing auxilliary socket * socket: Initialize so_type in socreate * socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0 * Allow to disable internal DHCP server * slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two * CI: run integration tests with slirp4netns * socket: Check address family for Unix-to-inet accept translation * socket: Add debug args for tcpx_listen (inet and Unix sockets) * socket: Restore original definition of fhost * socket: Move <sys/un.h> include to socket.h * Support Unix sockets in hostfwd * resolv: fix IPv6 resolution on Darwin * Use the exact sockaddr size in getnameinfo call * Initialize sin6_scope_id to zero * slirp_socketpair_with_oob: Connect pair through 127.0.0.1 * resolv: fix memory leak when using libresolv * pingtest: Add a trivial ping test * icmp: Support falling back on trying a SOCK_RAW socket Update to version 4.6.1+7: * Haiku: proper path to resolv.conf for DNS server * Fix for Haiku * dhcp: Always send DHCP_OPT_LEN bytes in options Update to version 4.6.1: * Fix "DHCP broken in libslirp v4.6.0" Update to version 4.6.0: * udp: check upd_input buffer size * tftp: introduce a header structure * tftp: check tftp_input buffer size * upd6: check udp6_input buffer size * bootp: check bootp_input buffer size * bootp: limit vendor-specific area to input packet memory buffer Update to version 4.4.0: * socket: consume empty packets * slirp: check pkt_len before reading protocol header * Add DNS resolving for iOS * sosendoob: better document what urgc is used for * TCPIPHDR_DELTA: Fix potential negative value * udp, udp6, icmp, icmp6: Enable forwarding errors on Linux * icmp, icmp6: Add icmp_forward_error and icmp6_forward_error * udp, udp6, icmp: handle TTL value * ip_stripoptions use memmove slirp4netns was updated to 1.2.0: * Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281) * Explicitly support DHCP (#270) * Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd Update to version 1.1.11: * Add --macaddress option to specify the MAC address of the tap interface. * Updated the man page. Update to version 1.1.8: Update to 1.0.0: * --enable-sandbox is now out of experimental libslirp-4.7.0+44-150300.15.2.src.rpm libslirp0-4.7.0+44-150300.15.2.x86_64.rpm slirp4netns-1.2.0-150300.8.5.2.src.rpm slirp4netns-1.2.0-150300.8.5.2.x86_64.rpm libslirp0-4.7.0+44-150300.15.2.s390x.rpm slirp4netns-1.2.0-150300.8.5.2.s390x.rpm libslirp0-4.7.0+44-150300.15.2.aarch64.rpm slirp4netns-1.2.0-150300.8.5.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-716 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for rt-tests fixes the following issues: Version update from 2.2 to 2.4 (jsc#SLE-23995): - Add aarch64 support for oslat - Add the `--default-system` option in cyclictest This runs cyclictest without attempting any tuning. Power management is not suppressed so cyclictest measures the system as it is configured. This may result in worse realtime behaviour, but is sometimes what you are trying to measure. - Fix parsing of affinity when there is a space - Fixes in cyclicdeadline and deadline_test to prevent double mounting of cgroups - Fixes in cyclictest to address memory access violation issues for verbose with no affinity mask - hwlatdetect: Add option to specify cpumask - Increase the buf size to 2048 when parse cpuinfo - oslat: Print offending cpu number when above threshold - rt-numa: ignore runtime cpumask if '-a CPULIST' is specified - Significant clean-ups and fixes to hwlatdetect - For the complete list of changes you can consult: * 2.4: https://lore.kernel.org/linux-rt-users/20220708150017.13462-1-jkacur@redhat.com/ * 2.3: https://lore.kernel.org/linux-rt-users/20211210184649.11084-1-jkacur@redhat.com/ - Backport runtime fixes from upcomming release: * Fix threads being affined even when '-a' isn't set when using cyclictest * Remove arbitrary num of threads limits * Add error checking to connect and getsockname * Update hwlatdetect to integer division to prevent an error when calculating width, which assumes an integer rt-tests-2.4-150400.3.3.1.src.rpm rt-tests-2.4-150400.3.3.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-658 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cloud-netconfig fixes the following issues: - Update to version 1.7: + Overhaul policy routing setup + Support alias IPv4 ranges + Add support for NetworkManager (bsc#1204549) + Remove dependency on netconfig + Install into libexec directory + Clear stale ifcfg files for accelerated NICs (bsc#1199853) + More debug messages + Documentation update - /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in Tumbleweed, update path cloud-netconfig-azure-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-azure-1.7-150000.25.8.1.src.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-ec2-1.7-150000.25.8.1.src.rpm cloud-netconfig-gce-1.7-150000.25.8.1.noarch.rpm cloud-netconfig-gce-1.7-150000.25.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-713 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. suse-build-key-12.0-150000.8.31.1.noarch.rpm suse-build-key-12.0-150000.8.31.1.src.rpm openSUSE-Leap-Micro-5.4-2023-622 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) tcl-8.6.12-150300.14.9.1.src.rpm tcl-8.6.12-150300.14.9.1.x86_64.rpm tcl-8.6.12-150300.14.9.1.s390x.rpm tcl-8.6.12-150300.14.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-756 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libappindicator fixes the following issues: - Provide compatibility symbol required by Slack RPM package (bsc#1207112) libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-12.10.1+bzr20170215-150200.3.3.1.src.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.x86_64.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.s390x.rpm libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1586 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add "-S scope" option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) nfs-client-2.1.1-150100.10.32.1.x86_64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.x86_64.rpm nfs-utils-2.1.1-150100.10.32.1.src.rpm nfs-client-2.1.1-150100.10.32.1.s390x.rpm nfs-kernel-server-2.1.1-150100.10.32.1.s390x.rpm nfs-client-2.1.1-150100.10.32.1.aarch64.rpm nfs-kernel-server-2.1.1-150100.10.32.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1670 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cpupower fixes the following issues: - Replace error with a warning if perf is unavailable (bsc#1202890) cpupower-5.14-150400.3.3.1.src.rpm cpupower-5.14-150400.3.3.1.x86_64.rpm libcpupower0-5.14-150400.3.3.1.x86_64.rpm cpupower-5.14-150400.3.3.1.s390x.rpm libcpupower0-5.14-150400.3.3.1.s390x.rpm cpupower-5.14-150400.3.3.1.aarch64.rpm libcpupower0-5.14-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-714 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) python-rpm-4.14.3-150300.55.1.src.rpm python3-rpm-4.14.3-150300.55.1.x86_64.rpm rpm-4.14.3-150300.55.1.src.rpm rpm-4.14.3-150300.55.1.x86_64.rpm rpm-ndb-4.14.3-150300.55.1.src.rpm rpm-ndb-4.14.3-150300.55.1.x86_64.rpm python3-rpm-4.14.3-150300.55.1.s390x.rpm rpm-4.14.3-150300.55.1.s390x.rpm rpm-ndb-4.14.3-150300.55.1.s390x.rpm python3-rpm-4.14.3-150300.55.1.aarch64.rpm rpm-4.14.3-150300.55.1.aarch64.rpm rpm-ndb-4.14.3-150300.55.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1668 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for firewalld fixes the following issues: - Fix `firewall-offline-cmd` command failing with error (bsc#1206928) firewalld-0.9.3-150400.8.9.1.noarch.rpm firewalld-0.9.3-150400.8.9.1.src.rpm python3-firewall-0.9.3-150400.8.9.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-795 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-20.10.23_ce-150000.175.1.src.rpm docker-20.10.23_ce-150000.175.1.x86_64.rpm docker-20.10.23_ce-150000.175.1.s390x.rpm docker-20.10.23_ce-150000.175.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1581 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). ceph-16.2.11.58+g38d6afd3b78-150400.3.6.1.src.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.x86_64.rpm librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm librbd1-16.2.11.58+g38d6afd3b78-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-875 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for sg3_utils fixes the following issues: - Speed large multipath scans (bsc#1207706) libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.src.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.x86_64.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.s390x.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.s390x.rpm libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm sg3_utils-1.47+13.75d23ac-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1636 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) suse-module-tools-15.4.16-150400.3.8.1.src.rpm suse-module-tools-15.4.16-150400.3.8.1.x86_64.rpm suse-module-tools-15.4.16-150400.3.8.1.s390x.rpm suse-module-tools-15.4.16-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-807 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for salt fixes the following issues: - Fix problem with detecting PTF packages (bsc#1208691) - Fix pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages python3-salt-3004-150400.8.25.1.x86_64.rpm True salt-3004-150400.8.25.1.src.rpm True salt-3004-150400.8.25.1.x86_64.rpm True salt-minion-3004-150400.8.25.1.x86_64.rpm True salt-transactional-update-3004-150400.8.25.1.x86_64.rpm True python3-salt-3004-150400.8.25.1.s390x.rpm True salt-3004-150400.8.25.1.s390x.rpm True salt-minion-3004-150400.8.25.1.s390x.rpm True salt-transactional-update-3004-150400.8.25.1.s390x.rpm True python3-salt-3004-150400.8.25.1.aarch64.rpm True salt-3004-150400.8.25.1.aarch64.rpm True salt-minion-3004-150400.8.25.1.aarch64.rpm True salt-transactional-update-3004-150400.8.25.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-1686 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). libmicrohttpd-0.9.57-150000.3.3.1.src.rpm libmicrohttpd12-0.9.57-150000.3.3.1.x86_64.rpm libmicrohttpd12-0.9.57-150000.3.3.1.s390x.rpm libmicrohttpd12-0.9.57-150000.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1718 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) glibc-2.31-150300.46.1.src.rpm glibc-2.31-150300.46.1.x86_64.rpm glibc-devel-2.31-150300.46.1.x86_64.rpm glibc-locale-2.31-150300.46.1.x86_64.rpm glibc-locale-base-2.31-150300.46.1.x86_64.rpm glibc-2.31-150300.46.1.s390x.rpm glibc-devel-2.31-150300.46.1.s390x.rpm glibc-locale-2.31-150300.46.1.s390x.rpm glibc-locale-base-2.31-150300.46.1.s390x.rpm glibc-2.31-150300.46.1.aarch64.rpm glibc-devel-2.31-150300.46.1.aarch64.rpm glibc-locale-2.31-150300.46.1.aarch64.rpm glibc-locale-base-2.31-150300.46.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-668 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) libX11-1.6.5-150000.3.27.1.src.rpm libX11-6-1.6.5-150000.3.27.1.x86_64.rpm libX11-data-1.6.5-150000.3.27.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.27.1.x86_64.rpm libX11-6-1.6.5-150000.3.27.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.27.1.s390x.rpm libX11-6-1.6.5-150000.3.27.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.27.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-868 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). libpython3_6m1_0-3.6.15-150300.10.45.1.x86_64.rpm python3-3.6.15-150300.10.45.1.src.rpm python3-3.6.15-150300.10.45.1.x86_64.rpm python3-base-3.6.15-150300.10.45.1.x86_64.rpm python3-core-3.6.15-150300.10.45.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.s390x.rpm python3-3.6.15-150300.10.45.1.s390x.rpm python3-base-3.6.15-150300.10.45.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.45.1.aarch64.rpm python3-3.6.15-150300.10.45.1.aarch64.rpm python3-base-3.6.15-150300.10.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1298 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ndctl fixes the following issues: - Fix parsing of environment variable NDCTL_TIMEOUT (bsc#1208548) libndctl6-71.1-150400.10.3.1.x86_64.rpm ndctl-71.1-150400.10.3.1.src.rpm openSUSE-Leap-Micro-5.4-2023-781 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 vim-9.0.1386-150000.5.37.1.src.rpm vim-data-common-9.0.1386-150000.5.37.1.noarch.rpm vim-small-9.0.1386-150000.5.37.1.x86_64.rpm vim-small-9.0.1386-150000.5.37.1.s390x.rpm vim-small-9.0.1386-150000.5.37.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-743 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. gnutls-3.7.3-150400.4.35.1.src.rpm gnutls-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-3.7.3-150400.4.35.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.x86_64.rpm gnutls-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-3.7.3-150400.4.35.1.s390x.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.s390x.rpm gnutls-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-3.7.3-150400.4.35.1.aarch64.rpm libgnutls30-hmac-3.7.3-150400.4.35.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-782 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] libgcrypt-1.9.4-150400.6.8.1.src.rpm libgcrypt20-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.x86_64.rpm libgcrypt20-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.s390x.rpm libgcrypt20-1.9.4-150400.6.8.1.aarch64.rpm libgcrypt20-hmac-1.9.4-150400.6.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-879 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for qemu fixes the following issues: - CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000). - CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207). qemu-6.2.0-150400.37.14.2.src.rpm qemu-6.2.0-150400.37.14.2.x86_64.rpm qemu-accel-tcg-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.x86_64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.x86_64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.x86_64.rpm qemu-ipxe-1.0.0+-150400.37.14.2.noarch.rpm qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-sgabios-8-150400.37.14.2.noarch.rpm qemu-tools-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.x86_64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.x86_64.rpm qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.14.2.noarch.rpm qemu-x86-6.2.0-150400.37.14.2.x86_64.rpm qemu-6.2.0-150400.37.14.2.s390x.rpm qemu-audio-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.s390x.rpm qemu-guest-agent-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.s390x.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.s390x.rpm qemu-s390x-6.2.0-150400.37.14.2.s390x.rpm qemu-tools-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.s390x.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.s390x.rpm qemu-6.2.0-150400.37.14.2.aarch64.rpm qemu-arm-6.2.0-150400.37.14.2.aarch64.rpm qemu-audio-spice-6.2.0-150400.37.14.2.aarch64.rpm qemu-chardev-spice-6.2.0-150400.37.14.2.aarch64.rpm qemu-guest-agent-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-qxl-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2.aarch64.rpm qemu-hw-usb-redirect-6.2.0-150400.37.14.2.aarch64.rpm qemu-tools-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-opengl-6.2.0-150400.37.14.2.aarch64.rpm qemu-ui-spice-core-6.2.0-150400.37.14.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-848 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). xen-4.16.3_06-150400.4.25.1.src.rpm True xen-libs-4.16.3_06-150400.4.25.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-1796 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for conmon fixes the following issues: - rebuild against supported go 1.19 (bsc#1209307) - no functional changes. conmon-2.1.5-150400.3.6.1.src.rpm conmon-2.1.5-150400.3.6.1.x86_64.rpm conmon-2.1.5-150400.3.6.1.s390x.rpm conmon-2.1.5-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2039 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20230320 (bsc#1209531) lshw-B.02.19.2+git.20230320-150200.3.15.4.src.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.x86_64.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.s390x.rpm lshw-B.02.19.2+git.20230320-150200.3.15.4.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2060 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). glib2-2.70.5-150400.3.8.1.src.rpm glib2-tools-2.70.5-150400.3.8.1.x86_64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.x86_64.rpm glib2-tools-2.70.5-150400.3.8.1.s390x.rpm libgio-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libglib-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.s390x.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.s390x.rpm glib2-tools-2.70.5-150400.3.8.1.aarch64.rpm libgio-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libglib-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgmodule-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm libgobject-2_0-0-2.70.5-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1897 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFS4trace: fix state manager flag printing (git-fixes). - NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix race to check ls_layouts (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - NFSv4: provide mount option to toggle trunking discovery (git-fixes). - NFSv4: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4: Fail client initialisation if state manager thread can't run (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - regulator: Handle deferred clk (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Check field value in hist_field_name() (git-fixes). - tracing: Do not let histogram values have some modifiers (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tracing: Make splice_read available again (git-fixes). - tracing: Make tracepoint lockdep check actually test something (git-fixes). - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86: Annotate call_on_stack() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). kernel-default-5.14.21-150400.24.60.1.nosrc.rpm True kernel-default-5.14.21-150400.24.60.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.src.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.x86_64.rpm True kernel-default-5.14.21-150400.24.60.1.s390x.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.s390x.rpm True kernel-default-5.14.21-150400.24.60.1.aarch64.rpm True kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2245 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority libsolv-0.7.24-150400.3.6.4.src.rpm True libsolv-tools-0.7.24-150400.3.6.4.x86_64.rpm True libzypp-17.31.11-150400.3.25.2.src.rpm True libzypp-17.31.11-150400.3.25.2.x86_64.rpm True zypper-1.14.60-150400.3.21.2.src.rpm True zypper-1.14.60-150400.3.21.2.x86_64.rpm True zypper-needs-restarting-1.14.60-150400.3.21.2.noarch.rpm True libsolv-tools-0.7.24-150400.3.6.4.s390x.rpm True libzypp-17.31.11-150400.3.25.2.s390x.rpm True zypper-1.14.60-150400.3.21.2.s390x.rpm True libsolv-tools-0.7.24-150400.3.6.4.aarch64.rpm True libzypp-17.31.11-150400.3.25.2.aarch64.rpm True zypper-1.14.60-150400.3.21.2.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-1992 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400). - CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). - CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). The following non-security bugs were fixed: - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes). - ALSA: asihpi: check pao in control_message() (git-fixes). - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). - ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). - ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). - Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). - Fix error path in pci-hyperv to unlock the mutex state_lock - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes). - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes). - Input: alps - fix compatibility with -funsigned-char (bsc#1209805). - Input: focaltech - use explicitly signed char type (git-fixes). - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). - KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). - KVM: x86: fix sending PV IPI (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: fix disabling of swap (git-fixes). - NFSD: Protect against filesystem freezing (git-fixes). - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). - NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes). - NFSd: fix race to check ls_layouts (git-fixes). - NFSd: shut down the NFSv4 state objects before the filecache (git-fixes). - NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes). - NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes). - NFSv4.1 provide mount option to toggle trunking discovery (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). - NFSv4: fix state manager flag printing (git-fixes). - NFSv4: keep state manager thread active if swap is enabled (git-fixes). - PCI/DPC: Await readiness of secondary bus after reset (git-fixes). - PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). - PCI: hv: Use async probing to reduce boot time (bsc#1207185). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). - SUNRPC: Fix a server shutdown leak (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). - USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). - USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). - USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). - USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes). - USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). - USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). - USB: dwc3: Fix a typo in field name (git-fixes). - USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). - USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). - USB: fix memory leak with using debugfs_lookup() (git-fixes). - USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes). - USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). - USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). - USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). - USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). - USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes). - USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes). - USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). - USB: ucsi: Fix ucsi->connector race (git-fixes). - USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). - USB: xhci: tegra: fix sleep in atomic call (git-fixes). - alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) - arch: fix broken BuildID for arm64 and riscv (bsc#1209798). - arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) - arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) - arm64: dts: imx8mp: correct usb clocks (git-fixes) - arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) - arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) - arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). - atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes). - ca8210: fix mac_len negative array access (git-fixes). - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes). - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes). - cifs: Fix smb2_set_path_size() (git-fixes). - cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). - cifs: append path to open_enter trace event (bsc#1193629). - cifs: avoid race conditions with parallel reconnects (bsc#1193629). - cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). - cifs: check only tcon status on tcon related functions (bsc#1193629). - cifs: do not poll server interfaces too regularly (bsc#1193629). - cifs: double lock in cifs_reconnect_tcon() (git-fixes). - cifs: dump pending mids for all channels in DebugData (bsc#1193629). - cifs: empty interface list when server does not support query interfaces (bsc#1193629). - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). - cifs: fix dentry lookups in directory handle cache (bsc#1193629). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). - cifs: generate signkey for the channel that's reconnecting (bsc#1193629). - cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). - cifs: lock chan_lock outside match_session (bsc#1193629). - cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). - cifs: print session id while listing open files (bsc#1193629). - cifs: return DFS root session id in DebugData (bsc#1193629). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). - cifs: use DFS root session instead of tcon ses (bsc#1193629). - clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). - debugfs: add debugfs_lookup_and_remove() (git-fixes). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). - drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes). - drm/amdkfd: Fix an illegal memory access (git-fixes). - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). - drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). - drm/i915/active: Fix missing debug object activation (git-fixes). - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes). - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). - drm/i915/display: clean up comments (git-fixes). - drm/i915/gt: perform uc late init after probe error injection (git-fixes). - drm/i915/psr: Use calculated io and fast wake lines (git-fixes). - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). - drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). - drm/i915: Remove unused bits of i915_vma/active api (git-fixes). - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). - fbdev: au1200fb: Fix potential divide by zero (git-fixes). - fbdev: intelfb: Fix potential divide by zero (git-fixes). - fbdev: lxfb: Fix potential divide by zero (git-fixes). - fbdev: nvidia: Fix potential divide by zero (git-fixes). - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes). - fbdev: tgafb: Fix potential divide by zero (git-fixes). - firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes). - fotg210-udc: Add missing completion handler (git-fixes). - ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). - ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). - gpio: davinci: Add irq chip flag to skip set wake (git-fixes). - hwmon: fix potential sensor registration fail if of_node is missing (git-fixes). - i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes). - i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes). - iio: adc: ad7791: fix IRQ flags (git-fixes). - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). - iio: adis16480: select CONFIG_CRC32 (git-fixes). - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). - iio: light: cm32181: Unregister second I2C client if present (git-fixes). - kABI workaround for xhci (git-fixes). - kABI: x86/msr: Remove .fixup usage (kabi). - kconfig: Update config changed flag before calling callback (git-fixes). - keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). - lan78xx: Add missing return code checks (git-fixes). - lan78xx: Fix exception on link speed change (git-fixes). - lan78xx: Fix memory allocation bug (git-fixes). - lan78xx: Fix partial packet errors on suspend/resume (git-fixes). - lan78xx: Fix race condition in disconnect handling (git-fixes). - lan78xx: Fix race conditions in suspend/resume handling (git-fixes). - lan78xx: Fix white space and style issues (git-fixes). - lan78xx: Remove unused pause frame queue (git-fixes). - lan78xx: Remove unused timer (git-fixes). - lan78xx: Set flow control threshold to prevent packet loss (git-fixes). - lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - mm: memcg: fix swapcached stat accounting (bsc#1209804). - mm: mmap: remove newline at the end of the trace (git-fixes). - mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). - mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). - mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes). - mtdblock: tolerate corrected bit-flips (git-fixes). - net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes). - net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). - net: phy: Ensure state transitions are processed from phy_stop() (git-fixes). - net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). - net: usb: asix: remove redundant assignment to variable reg (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). - net: usb: lan78xx: Limit packet length to skb->len (git-fixes). - net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). - net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). - net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). - nilfs2: fix sysfs interface lifetime (git-fixes). - nvme-tcp: always fail a request when sending it failed (bsc#1208902). - pNFS/filelayout: Fix coalescing test for single DS (git-fixes). - pinctrl: amd: Disable and mask interrupts on resume (git-fixes). - pinctrl: at91-pio4: fix domain name assignment (git-fixes). - pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes). - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). - platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). - platform/x86: think-lmi: Certificate authentication support (bsc#1210050). - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). - platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes). - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). - platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). - platform/x86: think-lmi: Opcode support (bsc#1210050). - platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). - platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). - platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). - platform/x86: think-lmi: add debug_cmd (bsc#1210050). - platform/x86: think-lmi: add missing type attribute (git-fixes). - platform/x86: think-lmi: certificate support clean ups (bsc#1210050). - platform/x86: think-lmi: only display possible_values if available (git-fixes). - platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). - platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). - platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). - platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). - platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). - platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). - platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). - platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). - platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). - platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). - platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). - platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). - platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). - platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). - platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). - platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). - platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). - platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). - platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). - platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). - platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). - platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). - platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). - platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). - platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). - platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). - platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). - platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). - platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). - platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). - platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). - platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). - platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). - platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). - platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). - platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). - platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). - platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). - powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). - powerpc/btext: add missing of_node_put (bsc#1065729). - powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). - powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). - powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). - powerpc/kexec_file: fix implicit decl error (bsc#1194869). - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). - powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). - powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). - powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). - powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). - powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). - pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). - r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). - rcu: Fix rcu_torture_read ftrace event (git-fixes). - ring-buffer: Fix race while reader and writer are on the same page (git-fixes). - ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). - ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). - s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). - s390/dasd: fix no record found for raw_track_access (bsc#1207574). - s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). - scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). - sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). - serial: fsl_lpuart: Fix comment typo (git-fixes). - smb3: fix unusable share after force unmount failure (bsc#1193629). - smb3: lower default deferred close timeout to address perf regression (bsc#1193629). - struct dwc3: mask new member (git-fixes). - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). - thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). - thunderbolt: Disable interrupt auto clear for rings (git-fixes). - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). - thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). - thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). - timers: Prevent union confusion from unexpected (git-fixes) - trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). - trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). - trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). - tracing: Add trace_array_puts() to write into instance (git-fixes). - tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). - tracing: Free error logs of tracing instances (git-fixes). - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). - tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). - wifi: mac80211: fix qos on mesh interfaces (git-fixes). - wireguard: ratelimiter: use hrtimer in selftest (git-fixes) - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Cache xfeature flags from CPUID (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/msr: Remove .fixup usage (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xfs: convert ptag flags to unsigned (git-fixes). - xfs: do not assert fail on perag references on teardown (git-fixes). - xfs: do not leak btree cursor when insrec fails after a split (git-fixes). - xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). - xfs: remove xfs_setattr_time() declaration (git-fixes). - xfs: zero inode fork buffer at allocation (git-fixes). - xhci: Free the command allocated for setting LPM if we return early (git-fixes). - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes). kernel-rt-5.14.21-150400.15.23.1.nosrc.rpm True kernel-rt-5.14.21-150400.15.23.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-1994 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). avahi-0.8-150400.7.3.1.src.rpm avahi-0.8-150400.7.3.1.x86_64.rpm libavahi-client3-0.8-150400.7.3.1.x86_64.rpm libavahi-common3-0.8-150400.7.3.1.x86_64.rpm libavahi-core7-0.8-150400.7.3.1.x86_64.rpm avahi-0.8-150400.7.3.1.s390x.rpm libavahi-client3-0.8-150400.7.3.1.s390x.rpm libavahi-common3-0.8-150400.7.3.1.s390x.rpm libavahi-core7-0.8-150400.7.3.1.s390x.rpm avahi-0.8-150400.7.3.1.aarch64.rpm libavahi-client3-0.8-150400.7.3.1.aarch64.rpm libavahi-common3-0.8-150400.7.3.1.aarch64.rpm libavahi-core7-0.8-150400.7.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2084 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. shim-15.7-150300.4.16.1.src.rpm shim-15.7-150300.4.16.1.x86_64.rpm shim-15.7-150300.4.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2046 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-ibmca fixes the following issues: Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058) - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359) openssl-ibmca-2.4.0-150400.4.8.1.s390x.rpm openssl-ibmca-2.4.0-150400.4.8.1.src.rpm openSUSE-Leap-Micro-5.4-2023-1947 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). dmidecode-3.4-150400.16.8.1.src.rpm dmidecode-3.4-150400.16.8.1.x86_64.rpm dmidecode-3.4-150400.16.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-1939 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) libfreebl3-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-3.79.4-150400.3.29.1.x86_64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-3.79.4-150400.3.29.1.src.rpm mozilla-nss-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.x86_64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.x86_64.rpm libfreebl3-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-3.79.4-150400.3.29.1.s390x.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.s390x.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.s390x.rpm libfreebl3-3.79.4-150400.3.29.1.aarch64.rpm libfreebl3-hmac-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-3.79.4-150400.3.29.1.aarch64.rpm libsoftokn3-hmac-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-certs-3.79.4-150400.3.29.1.aarch64.rpm mozilla-nss-tools-3.79.4-150400.3.29.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2216 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. python-packaging-21.3-150200.3.3.1.src.rpm python3-packaging-21.3-150200.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2283 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.1.2 (bsc#1211282) + Properly handle Ipv6 when checking update server responsiveness. If not available fall back and use IPv4 information + Use systemd_ordered to allow use in a container without pulling systemd into the container as a requirement - Update to version 10.1.1 (bsc#1210020, bsc#1210021) + Clean up the system if baseproduct registraion fails to leave the system in prestine state + Log when the registercloudguest command is invoked with --clean - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. cloud-regionsrv-client-10.1.2-150000.6.96.1.noarch.rpm cloud-regionsrv-client-10.1.2-150000.6.96.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.5-150000.6.96.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.96.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.96.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-1967 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - CVE-2023-26484: Limit operator secrets permission. (bsc#1209359) kubevirt is also rebuilt with a supported GO compiler (bsc#1208916) kubevirt-0.54.0-150400.3.13.1.src.rpm kubevirt-manifests-0.54.0-150400.3.13.1.x86_64.rpm kubevirt-virtctl-0.54.0-150400.3.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-1966 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - build the containerized-data-importer with a supported golang compiler (bsc#1208916) containerized-data-importer-1.51.0-150400.4.13.1.src.rpm containerized-data-importer-manifests-1.51.0-150400.4.13.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2192 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) python3-setuptools-44.1.1-150400.9.3.3.noarch.rpm python3-setuptools-44.1.1-150400.9.3.3.src.rpm openSUSE-Leap-Micro-5.4-2023-2053 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). libxml2-2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2.9.14-150400.5.16.1.src.rpm libxml2-python-2.9.14-150400.5.16.1.src.rpm libxml2-tools-2.9.14-150400.5.16.1.x86_64.rpm python3-libxml2-2.9.14-150400.5.16.1.x86_64.rpm libxml2-2-2.9.14-150400.5.16.1.s390x.rpm libxml2-tools-2.9.14-150400.5.16.1.s390x.rpm python3-libxml2-2.9.14-150400.5.16.1.s390x.rpm libxml2-2-2.9.14-150400.5.16.1.aarch64.rpm libxml2-tools-2.9.14-150400.5.16.1.aarch64.rpm python3-libxml2-2.9.14-150400.5.16.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2051 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libtpms fixes the following issues: - CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). - CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). libtpms-0.8.2-150300.3.9.1.src.rpm libtpms0-0.8.2-150300.3.9.1.x86_64.rpm libtpms0-0.8.2-150300.3.9.1.s390x.rpm libtpms0-0.8.2-150300.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2438 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for kernel-firmware fixes the following issues: - Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) - Add iwlwifi-*-72 ucode (bsc#1209681) - Update constraints for 8GB (bsc#1205811) kernel-firmware-20220509-150400.4.16.1.src.rpm True kernel-firmware-all-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-amdgpu-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath10k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ath11k-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-atheros-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bluetooth-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-bnx2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-brcm-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-chelsio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-dpaa2-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-i915-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-intel-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-iwlwifi-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-liquidio-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-marvell-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-media-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mediatek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mellanox-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-mwifiex-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-network-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nfp-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-nvidia-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-platform-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-prestera-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qcom-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-qlogic-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-radeon-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-realtek-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-serial-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-sound-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ti-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-ueagle-20220509-150400.4.16.1.noarch.rpm True kernel-firmware-usb-network-20220509-150400.4.16.1.noarch.rpm True ucode-amd-20220509-150400.4.16.1.noarch.rpm True openSUSE-Leap-Micro-5.4-2023-2161 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues: aws-cli: - Version update from 1.23.11 to 1.27.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333) * For the detailed list of changes please consult upstream changelog: https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst * Updated required dependencies python-botocore: - Version update from 1.25.11 to 1.29.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/botocore/blob/develop/CHANGELOG.rst * Updated required dependencies python-boto3: - Version update from 1.22.11 to 1.26.89 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * For the detailed list of changes please consult https://github.com/boto/boto3/blob/develop/CHANGELOG.rst * Updated required dependencies - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures python-s3transfer: - Version update from 0.5.0 to 0.6.0 (bsc#1209255, jsc#PED-3780, bsc#1204537, jsc#PED-2333): * Dropped support for Python 3.6 * Added support for flexible checksum when uploading or downloading objects * Officially add Python 3.10 support - Add additional build dependency requirements to python-python-dateutil and python-jmespath to resolve build failures - Drop unused python-mock build dependency aws-cli-1.27.89-150200.30.11.1.noarch.rpm aws-cli-1.27.89-150200.30.11.1.src.rpm python-botocore-1.29.89-150200.37.14.1.src.rpm python-s3transfer-0.6.0-150200.9.7.1.src.rpm python3-botocore-1.29.89-150200.37.14.1.noarch.rpm python3-s3transfer-0.6.0-150200.9.7.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2240 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) libsystemd0-249.16-150400.8.28.3.x86_64.rpm libudev1-249.16-150400.8.28.3.x86_64.rpm systemd-249.16-150400.8.28.3.src.rpm systemd-249.16-150400.8.28.3.x86_64.rpm systemd-container-249.16-150400.8.28.3.x86_64.rpm systemd-journal-remote-249.16-150400.8.28.3.x86_64.rpm systemd-sysvinit-249.16-150400.8.28.3.x86_64.rpm udev-249.16-150400.8.28.3.x86_64.rpm libsystemd0-249.16-150400.8.28.3.s390x.rpm libudev1-249.16-150400.8.28.3.s390x.rpm systemd-249.16-150400.8.28.3.s390x.rpm systemd-container-249.16-150400.8.28.3.s390x.rpm systemd-journal-remote-249.16-150400.8.28.3.s390x.rpm systemd-sysvinit-249.16-150400.8.28.3.s390x.rpm udev-249.16-150400.8.28.3.s390x.rpm libsystemd0-249.16-150400.8.28.3.aarch64.rpm libudev1-249.16-150400.8.28.3.aarch64.rpm systemd-249.16-150400.8.28.3.aarch64.rpm systemd-container-249.16-150400.8.28.3.aarch64.rpm systemd-journal-remote-249.16-150400.8.28.3.aarch64.rpm systemd-sysvinit-249.16-150400.8.28.3.aarch64.rpm udev-249.16-150400.8.28.3.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2103 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). vim-9.0.1443-150000.5.40.1.src.rpm vim-data-common-9.0.1443-150000.5.40.1.noarch.rpm vim-small-9.0.1443-150000.5.40.1.x86_64.rpm xxd-9.0.1443-150000.5.40.1.x86_64.rpm vim-small-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.s390x.rpm xxd-9.0.1443-150000.5.40.1.ppc64le.rpm vim-small-9.0.1443-150000.5.40.1.aarch64.rpm xxd-9.0.1443-150000.5.40.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2111 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). libncurses6-6.1-150000.5.15.1.x86_64.rpm ncurses-6.1-150000.5.15.1.src.rpm ncurses-utils-6.1-150000.5.15.1.x86_64.rpm terminfo-6.1-150000.5.15.1.x86_64.rpm terminfo-base-6.1-150000.5.15.1.x86_64.rpm libncurses6-6.1-150000.5.15.1.s390x.rpm ncurses-utils-6.1-150000.5.15.1.s390x.rpm terminfo-6.1-150000.5.15.1.s390x.rpm terminfo-base-6.1-150000.5.15.1.s390x.rpm libncurses6-6.1-150000.5.15.1.aarch64.rpm ncurses-utils-6.1-150000.5.15.1.aarch64.rpm terminfo-6.1-150000.5.15.1.aarch64.rpm terminfo-base-6.1-150000.5.15.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2131 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). openssh-8.4p1-150300.3.18.2.src.rpm openssh-8.4p1-150300.3.18.2.x86_64.rpm openssh-clients-8.4p1-150300.3.18.2.x86_64.rpm openssh-common-8.4p1-150300.3.18.2.x86_64.rpm openssh-fips-8.4p1-150300.3.18.2.x86_64.rpm openssh-server-8.4p1-150300.3.18.2.x86_64.rpm openssh-8.4p1-150300.3.18.2.s390x.rpm openssh-clients-8.4p1-150300.3.18.2.s390x.rpm openssh-common-8.4p1-150300.3.18.2.s390x.rpm openssh-fips-8.4p1-150300.3.18.2.s390x.rpm openssh-server-8.4p1-150300.3.18.2.s390x.rpm openssh-8.4p1-150300.3.18.2.aarch64.rpm openssh-clients-8.4p1-150300.3.18.2.aarch64.rpm openssh-common-8.4p1-150300.3.18.2.aarch64.rpm openssh-fips-8.4p1-150300.3.18.2.aarch64.rpm openssh-server-8.4p1-150300.3.18.2.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2317 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) libblkid1-2.37.2-150400.8.17.1.x86_64.rpm libfdisk1-2.37.2-150400.8.17.1.x86_64.rpm libmount1-2.37.2-150400.8.17.1.x86_64.rpm libsmartcols1-2.37.2-150400.8.17.1.x86_64.rpm libuuid1-2.37.2-150400.8.17.1.x86_64.rpm util-linux-2.37.2-150400.8.17.1.src.rpm util-linux-2.37.2-150400.8.17.1.x86_64.rpm util-linux-systemd-2.37.2-150400.8.17.1.src.rpm util-linux-systemd-2.37.2-150400.8.17.1.x86_64.rpm libblkid1-2.37.2-150400.8.17.1.s390x.rpm libfdisk1-2.37.2-150400.8.17.1.s390x.rpm libmount1-2.37.2-150400.8.17.1.s390x.rpm libsmartcols1-2.37.2-150400.8.17.1.s390x.rpm libuuid1-2.37.2-150400.8.17.1.s390x.rpm util-linux-2.37.2-150400.8.17.1.s390x.rpm util-linux-systemd-2.37.2-150400.8.17.1.s390x.rpm libblkid1-2.37.2-150400.8.17.1.aarch64.rpm libfdisk1-2.37.2-150400.8.17.1.aarch64.rpm libmount1-2.37.2-150400.8.17.1.aarch64.rpm libsmartcols1-2.37.2-150400.8.17.1.aarch64.rpm libuuid1-2.37.2-150400.8.17.1.aarch64.rpm util-linux-2.37.2-150400.8.17.1.aarch64.rpm util-linux-systemd-2.37.2-150400.8.17.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2104 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) libprocps7-3.3.15-150000.7.31.1.x86_64.rpm procps-3.3.15-150000.7.31.1.src.rpm procps-3.3.15-150000.7.31.1.x86_64.rpm libprocps7-3.3.15-150000.7.31.1.s390x.rpm procps-3.3.15-150000.7.31.1.s390x.rpm libprocps7-3.3.15-150000.7.31.1.aarch64.rpm procps-3.3.15-150000.7.31.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2299 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for mdadm fixes the following issues: - Fixes for mdmon to ensure it runs at the right time in the fight mount namespace, this fixes various problems with IMSM raid arrays (bsc#1205493, bsc#1205830) mdadm-4.1-150300.24.27.1.src.rpm mdadm-4.1-150300.24.27.1.x86_64.rpm mdadm-4.1-150300.24.27.1.s390x.rpm mdadm-4.1-150300.24.27.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2159 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for open-vm-tools fixes the following issues: - Update to 12.2.0 (bsc#1209128) - Build the containerinfo plugin for TW/SLES15-SP5 and newer.(jsc#PED-1344) libvmtools0-12.2.0-150300.26.1.x86_64.rpm open-vm-tools-12.2.0-150300.26.1.src.rpm open-vm-tools-12.2.0-150300.26.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2193 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for snapper fixes the following issues: - avoid stale btrfs qgroups on transactional systems (bsc#1210151) - wait for existing btrfs quota rescans to finish (bsc#1210150) libsnapper5-0.8.16-150300.3.3.1.x86_64.rpm snapper-0.8.16-150300.3.3.1.src.rpm snapper-0.8.16-150300.3.3.1.x86_64.rpm libsnapper5-0.8.16-150300.3.3.1.s390x.rpm snapper-0.8.16-150300.3.3.1.s390x.rpm libsnapper5-0.8.16-150300.3.3.1.aarch64.rpm snapper-0.8.16-150300.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2140 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). - Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in "assigned-clocks" property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798). - sched/fair: Limit sched slice duration (bsc#1189999). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039). - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-default-base changed: - Do not ship on s390x (bsc#1210729) - Add exfat (bsc#1208822) - Add _diag modules for included socket types (bsc#1204042) kernel-default-5.14.21-150400.24.63.1.nosrc.rpm True kernel-default-5.14.21-150400.24.63.1.x86_64.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.src.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.x86_64.rpm True kernel-default-5.14.21-150400.24.63.1.s390x.rpm True kernel-default-5.14.21-150400.24.63.1.aarch64.rpm True kernel-default-base-5.14.21-150400.24.63.1.150400.24.27.1.aarch64.rpm True openSUSE-Leap-Micro-5.4-2023-2118 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for haproxy fixes the following issues: Update to version 2.4.22. (jsc#PED-3821): * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MINOR: ssl/crt-list: warn when a line is malformated * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section * BUG/MINOR: sink: free the forwarding task on exit * BUILD: hpack: include global.h for the trash that is needed in debug mode * BUG/MINOR: mux-h2: add missing traces on failed headers decoding * BUG/MINOR: listener: close tiny race between resume_listener() and stopping * DOC: config: fix "Address formats" chapter syntax * BUG/MINOR: mux-fcgi: Correctly set pathinfo * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" * DOC: config: fix wrong section number for "protocol prefixes" * BUG/MINOR: listeners: fix suspend/resume of inherited FDs * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses * CLEANUP: htx: fix a typo in an error message of http_str_to_htx * BUG/MINOR: http: Memory leak of http redirect rules' format string * REGTEST: fix the race conditions in hmac.vtc * REGTEST: fix the race conditions in digest.vtc * REGTEST: fix the race conditions in json_query.vtc * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * REGTESTS: startup: check maxconn computation * REGTESTS: fix the race conditions in iff.vtc * BUG/MAJOR: fcgi: Fix uninitialized reserved bytes * DOC: promex: Add missing backend metrics * MINOR: promex: introduce haproxy_backend_agg_check_status * BUG/MINOR: promex: create haproxy_backend_agg_server_status * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure * BUILD: peers: peers-t.h depends on stick-table-t.h * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * BUG/MEDIIM: stconn: Flush output data before forwarding close to write side * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * [RELEASE] Released version 2.4.20 * Revert "CI: determine actual OpenSSL version dynamically" * Revert "CI: switch to the "latest" LibreSSL" * SCRIPTS: announce-release: add a link to the data plane API * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: mention that a single monitor-uri rule is supported * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" * BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out * BUILD: http-htx: Silent build error about a possible NULL start-line * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * BUG/MINOR: log: fix parse_log_message rfc5424 size check * BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: ssl: don't initialize the keylog callback when not required * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes * BUG/MEDIUM: ring: fix creation of server in uninitialized ring * DOC: config: fix alphabetical ordering of global section * REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses * BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers * BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once * BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy * BUG/MINOR: resolvers: Set port before IP address when processing SRV records * BUG/MINOR: http-htx: Fix error handling during parsing http replies * BUG/MEDIUM: wdt/clock: properly handle early task hangs * CI: emit the compiler's version in the build reports * CI: switch to the "latest" LibreSSL * BUG/MINOR: ssl: ocsp structure not freed properly in case of error * BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer * CI: add monthly gcc cross compile jobs * BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() * CI: SSL: temporarily stick to LibreSSL=3.5.3 * CI: SSL: use proper version generating when "latest" semantic is used * BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers * BUG/MINOR: sink: Only use backend capability for the sink proxies * BUG/MEDIUM: compression: handle rewrite errors when updating response headers * BUG/MINOR: ring: Properly parse connect timeout * BUG/MINOR: log: Preserve message facility when the log target is a ring buffer * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MINOR: server: make sure "show servers state" hides private bits * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUG/MINOR: backend: only enforce turn-around state when not redispatching * BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction * MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands * BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure * DOC: config: Fix pgsql-check documentation to make user param mandatory * BUG/MINOR: checks: update pgsql regex on auth packet * [RELEASE] Released version 2.4.19 * BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree * REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUILD: fd: fix a build warning on the DWCAS * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * DOC: fix TOC in starter guide for subsection 3.3.8. Statistics * REGTESTS: ssl/log: test the log-forward with SSL * BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. * REGTESTS: log: test the log-forward feature * REGTESTS: healthcheckmail: Relax matching on the healthcheck log message * BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' * MINOR: listener: small API change * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * CI: cirrus-ci: bump FreeBSD image to 13-1 * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: task: always reset a new tasklet's call date * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * BUILD: makefile: enable crypt(3) for NetBSD * BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support * BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber * BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input * BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) * BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * REGTESTS: Fix prometheus script to perform HTTP health-checks * BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MAJOR: mworker: fix infinite loop on master with no proxies. * BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: ring: fix too lax 'size' parser * BUILD: debug: silence warning on gcc-5 * BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() * BUG/MEDIUM: poller: use fd_delete() to release the poller pipes * BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h * BUG/MINOR: sink: fix a race condition between the writer and the reader * BUG/MINOR: ring/cli: fix a race condition between the writer and the reader * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MEDIUM: dns: Properly initialize new DNS session * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions * MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups * MINOR: http-htx: Use new HTTP functions for the scheme based normalization * BUG/MEDIUM: h1: Improve authority validation for CONNCET request * MINOR: http: Add function to detect default port * MINOR: http: Add function to get port part of a host * BUG/MEDIUM: mworker: use default maxconn in wait mode * [RELEASE] Released version 2.4.18 * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUILD: add detection for unsupported compiler models * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload * REGTESTS: Fix some scripts to be compatible with 2.4 and prior * BUG/MINOR: tools: fix statistical_prng_range()'s output range * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX * BUG/MEDIUM: tools: avoid calling dlsym() in static builds * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer * REGTEESTS: filters: Fix CONNECT request in random-forwarding script * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream * BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule * BUG/MINOR: peers/config: always fill the bind_conf's argument * MINOR: fd: Add BUG_ON checks on fd_insert() * CI: re-enable gcc asan builds * BUILD: Makefile: Add Lua 5.4 autodetect * BUG/MEDIUM: ssl/fd: unexpected fd close using async engine * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: ssl: Do not look for key in extra files if already in pem * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration * BUG/MINOR: cli/stats: add missing trailing LF after "show info json" * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs * REGTESTS: healthcheckmail: Relax health-check failure condition * REGTESTS: healthcheckmail: Update the test to be functionnal again * BUG/MINOR: checks: Properly handle email alerts in trace messages * BUG/MINOR: trace: Test server existence for health-checks to get proxy * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: restrict_req_hdr_names: Extend supported versions * REGTESTS: http_abortonclose: Extend supported versions * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails * DOC: intro: adjust the numbering of paragrams to keep the output ordered * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str * CI: determine actual OpenSSL version dynamically * BUILD/MINOR: cpuset fix build for FreeBSD 13.1 * BUG/MINOR: peers: fix error reporting of "bind" lines * BUG/MINOR: cfgparse: abort earlier in case of allocation error * BUG/MINOR: check: Reinit the buffer wait list at the end of a check * BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() * REGTESTS: abortonclose: Fix some race conditions * BUG/MINOR: ssl: Fix crash when no private key is found in pem * MINOR: tools: add get_exec_path implementation for solaris based systems. * BUILD: fix build warning on solaris based systems with __maybe_unused. * MEDIUM: http-ana: Add a proxy option to restrict chars in request header names * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.4.17 * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * [RELEASE] Released version 2.4.16 * BUILD: opentracing: Fix OT build due to misuse of var_clear() * BUILD: proto_uxst: do not set unused flag * BUILD: sockpair: do not set unused flag * BUILD: fd: remove unused variable totlen in fd_write_frag_line() * CLEANUP: acl: Remove unused variable when releasing an acl expression * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUILD: compiler: properly distinguish weak and global symbols * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks * MINOR: task: add a new task_instant_wakeup() function * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments * DOC: remove my name from the config doc * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added * BUG/MEDIUM: stream: do not abort connection setup too early * BUILD: compiler: use a more portable set of asm(".weak") statements * BUILD: sched: workaround crazy and dangerous warning in Clang 14 * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: cirrus: switch to FreeBSD-13.0 * CI: Update to actions/cache@v3 * CI: Update to actions/checkout@v3 * DEBUG: opentracing: show return values of all functions in the debug output * CLEANUP: opentracing: added variable to store variable length * CLEANUP: opentracing: added flt_ot_smp_init() function * CLEANUP: opentracing: removed unused function flt_ot_var_get() * CLEANUP: opentracing: removed unused function flt_ot_var_unset() * DOC: opentracing: corrected comments in function descriptions * EXAMPLES: opentracing: refined shell scripts for testing filter performance * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests * CI: github actions: update OpenSSL to 3.0.2 * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads * BUG/MINOR: samples: add missing context names for sample fetch functions * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing * BUG/MINOR: tools: url2sa reads too far when no port nor path * DOC: config: Explictly add supported MQTT versions * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUG/MINOR: server/ssl: free the SNI sample expression * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.4.15 * BUILD: tree-wide: mark a few numeric constants as explicitly long long * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * DEBUG: stream: Fix stream trace message to print response buffer state * DEBUG: stream: Add the missing descriptions for stream trace events * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MINOR: add missing modes in proxy_mode_str() * BUILD: pools: fix backport of no-memory-trimming on non-linux OS * MINOR: pools: add a new global option "no-memory-trimming" * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed * BUG/MINOR: pool: always align pool_heads to 64 bytes * REGTESTS: fix the race conditions in secure_memcmp.vtc * REGTESTS: fix the race conditions in normalize_uri.vtc * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() * CI: github actions: use cache for SSL libs * CI: github actions: use cache for OpenTracing * CI: github actions: add OpenTracing builds * CI: github actions: add the output of $CC -dM -E- * [RELEASE] Released version 2.4.14 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: github actions: update OpenSSL to 3.0.1 * CI: github: switch to OpenSSL 3.0.0 * CI: github actions: relax OpenSSL-3.0.0 version comparision * CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 * CI: github actions: add OpenSSL-3.0.0 builds * BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * [RELEASE] Released version 2.4.13 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an rwlock * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error * [RELEASE] Released version 2.4.12 * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * [RELEASE] Released version 2.4.11 * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * BUILD/MINOR: cpuset FreeBSD 14 build fix. * BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: proxy: add option idle-close-on-response * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * [RELEASE] Released version 2.4.10 * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * MINOR: pools: work around possibly slow malloc_trim() during gc * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * CI: Github Actions: temporarily disable BoringSSL builds * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MAJOR: segfault using multiple log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUILD/MINOR: server: fix compilation without SSL * [RELEASE] Released version 2.4.9 * BUG/MINOR: cache: Fix loop on cache entries in "show cache" * MINOR: promex: backend aggregated server check status * MINOR: server: add ws keyword * MEDIUM: server/backend: implement websocket protocol selection * MINOR: connection: add alternative mux_ops param for conn_install_mux_be * MINOR: connection: implement function to update ALPN * MINOR: stream/mux: implement websocket stream flag * BUG/MINOR: ssl: make SSL counters atomic * MINOR: shctx: add a few BUG_ON() for consistency checks * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: cache/cli: make "show cache" thread-safe * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * CLEANUP: ssl: fix wrong #else commentary * BUG/MINOR: ssl: free correctly the sni in the backend SSL cache * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * BUILD: makefile: simplify detection of libatomic * BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * MINOR: mux-h1: Slightly Improve H1 traces * DOC: lua: Be explicit with the Reply object limits * Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MINOR: cache: properly ignore unparsable max-age in quotes * BUG/MINOR: resolvers: throw log message if trash not large enough for query * BUG/MINOR: resolvers: fix sent messages were counted twice * BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support * MINOR: mux-h2: add trace on extended connect usage * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.src.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.x86_64.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.s390x.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2234 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ovmf fixes the following issues: - CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741). - CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246). - revert a patch to fix xen boot problems (bsc#1205613) ovmf-202202-150400.5.10.1.src.rpm qemu-ovmf-x86_64-202202-150400.5.10.1.noarch.rpm qemu-uefi-aarch64-202202-150400.5.10.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2133 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) libz1-1.2.11-150000.3.42.1.x86_64.rpm zlib-1.2.11-150000.3.42.1.src.rpm zlib-devel-1.2.11-150000.3.42.1.x86_64.rpm libz1-1.2.11-150000.3.42.1.s390x.rpm zlib-devel-1.2.11-150000.3.42.1.s390x.rpm libz1-1.2.11-150000.3.42.1.aarch64.rpm zlib-devel-1.2.11-150000.3.42.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2341 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) libsigc++2-2.10.7-150400.3.3.1.src.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.x86_64.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.s390x.rpm libsigc-2_0-0-2.10.7-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2224 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). curl-8.0.1-150400.5.23.1.src.rpm curl-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-8.0.1-150400.5.23.1.x86_64.rpm curl-8.0.1-150400.5.23.1.s390x.rpm libcurl4-8.0.1-150400.5.23.1.s390x.rpm curl-8.0.1-150400.5.23.1.aarch64.rpm libcurl4-8.0.1-150400.5.23.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2231 important SUSE Updates openSUSE-Leap-Micro 5.4 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). The following non-security bugs were fixed: - ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953). - ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes). - ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes). - ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes). - ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes). - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes). - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes). - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes). - ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes). - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes). - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes). - ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes). - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes). - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes). - ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes). - ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes). - ARM: dts: gta04: fix excess dma channel usage (git-fixes). - ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes). - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes). - ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes). - ASN.1: Fix check for strdup() success (git-fixes). - ASoC: cs35l41: Only disable internal boost (git-fixes). - ASoC: es8316: Handle optional IRQ assignment (git-fixes). - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes). - ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes). - Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly - Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods - Bluetooth: Fix race condition in hidp_session_thread (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes). - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - IB/mlx5: Add support for 400G_8X lane speed (git-fixes) - Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes). - Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes). - KEYS: Add missing function documentation (git-fixes). - KEYS: Create static version of public_key_verify_signature (git-fixes). - NFS: Cleanup unused rpc_clnt variable (git-fixes). - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes). - NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes). - PCI/EDR: Clear Device Status after EDR error recovery (git-fixes). - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes). - PCI: imx6: Install the fault handler only on compatible match (git-fixes). - PCI: loongson: Add more devices that need MRRS quirk (git-fixes). - PCI: loongson: Prevent LS7A MRRS increases (git-fixes). - PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes). - PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes). - RDMA/cma: Allow UD qp_type to join multicast only (git-fixes) - RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes) - RDMA/irdma: Fix memory leak of PBLE objects (git-fixes) - RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes) - Remove obsolete KMP obsoletes (bsc#1210469). - Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" (git-fixes). - Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes). - USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). - USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes). - USB: serial: option: add Quectel RM500U-CN modem (git-fixes). - USB: serial: option: add Telit FE990 compositions (git-fixes). - USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes). - amdgpu: disable powerpc support for the newer display engine (bsc#1194869). - arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes). - arm64: dts: meson-g12-common: specify full DMC range (git-fixes). - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes). - arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes). - arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes). - arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes). - arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes). - arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes). - arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes). - arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes). - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. - bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes). - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827). - cifs: fix negotiate context parsing (bsc#1210301). - clk: add missing of_node_put() in "assigned-clocks" property parsing (git-fixes). - clk: at91: clk-sam9x60-pll: fix return value check (git-fixes). - clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes). - clk: sprd: set max_register according to mapping range (git-fixes). - clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes). - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953). - cpufreq: CPPC: Fix performance/frequency conversion (git-fixes). - cpumask: fix incorrect cpumask scanning result checks (bsc#1210943). - crypto: caam - Clear some memory in instantiate_rng (git-fixes). - crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes). - crypto: sa2ul - Select CRYPTO_DES (git-fixes). - crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes). - driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes). - drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes). - drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes). - drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes). - drm/amd/display: Fix potential null dereference (git-fixes). - drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869). - drm/armada: Fix a potential double free in an error handling path (git-fixes). - drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes). - drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes). - drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes). - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes). - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes). - drm/i915: Fix fast wake AUX sync len (git-fixes). - drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes). - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes). - drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes). - drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes). - drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes). - drm/msm: fix NULL-deref on snapshot tear down (git-fixes). - drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes). - drm/panel: otm8009a: Set backlight parent to panel device (git-fixes). - drm/probe-helper: Cancel previous job before starting new one (git-fixes). - drm/rockchip: Drop unbalanced obj unref (git-fixes). - drm/vgem: add missing mutex_destroy (git-fixes). - drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes). - drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes). - dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes). - dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes). - dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes). - dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes). - dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes). - dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes). - e1000e: Disable TSO on i219-LM card to increase speed (git-fixes). - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes). - ext4: Fix deadlock during directory rename (bsc#1210763). - ext4: Fix possible corruption when moving a directory (bsc#1210763). - ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766). - ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767). - ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076). - ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). - ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764). - ext4: fix possible double unlock when moving a directory (bsc#1210763). - ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793). - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes). - firmware: qcom_scm: Clear download bit during reboot (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fpga: bridge: fix kernel-doc parameter description (git-fixes). - hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes). - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes). - hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes). - i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes). - i2c: hisi: Avoid redundant interrupts (git-fixes). - i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes). - i2c: ocores: generate stop condition after timeout in polling mode (git-fixes). - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes). - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes). - iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes). - ipmi: fix SSIF not responding under certain cond (git-fixes). - ipmi:ssif: Add send_retries increment (git-fixes). - k-m-s: Drop Linux 2.6 support - kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi). - kABI: x86/msi: Fix msi message data shadow struct (kabi). - kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users. - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - locking/rwbase: Mitigate indefinite writer starvation. - media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes). - media: max9286: Free control handler (git-fixes). - media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes). - media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes). - media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes). - media: venus: dec: Fix handling of the start cmd (git-fixes). - memstick: fix memory leak if card device is never registered (git-fixes). - mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768). - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034). - mm: take a page reference when removing device exclusive entries (bsc#1211025). - mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes). - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes). - mtd: core: fix error path for nvmem provider (git-fixes). - mtd: core: fix nvmem error reporting (git-fixes). - mtd: core: provide unique name for nvmem device, take two (git-fixes). - mtd: spi-nor: Fix a trivial typo (git-fixes). - net: phy: nxp-c45-tja11xx: add remove callback (git-fixes). - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes). - nfsd: call op_release, even when op_func returns an error (git-fixes). - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes). - nilfs2: initialize unused bytes in segment summary blocks (git-fixes). - nvme initialize core quirks before calling nvme_init_subsystem (git-fixes). - nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes). - nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" (git-fixes). - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes). - nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes). - nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes). - nvme-pci: fix doorbell buffer value endianness (git-fixes). - nvme-pci: fix mempool alloc size (git-fixes). - nvme-pci: fix page size checks (git-fixes). - nvme-pci: fix timeout request state check (git-fixes). - nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes). - nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes). - nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes). - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes). - nvme: add device name to warning in uuid_show() (git-fixes). - nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes). - nvme: copy firmware_rev on each init (git-fixes). - nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes). - nvme: fix async event trace event (git-fixes). - nvme: fix handling single range discard request (git-fixes). - nvme: fix per-namespace chardev deletion (git-fixes). - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes). - nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes). - nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes). - nvme: move nvme_multi_css into nvme.h (git-fixes). - nvme: return err on nvme_init_non_mdts_limits fail (git-fixes). - nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693). - nvme: set dma alignment to dword (git-fixes). - nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes). - nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes). - nvmet-tcp: fix incomplete data digest send (git-fixes). - nvmet-tcp: fix regression in data_digest calculation (git-fixes). - nvmet: add helpers to set the result field for connect commands (git-fixes). - nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes). - nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes). - nvmet: fix I/O Command Set specific Identify Controller (git-fixes). - nvmet: fix Identify Active Namespace ID list handling (git-fixes). - nvmet: fix Identify Controller handling (git-fixes). - nvmet: fix Identify Namespace handling (git-fixes). - nvmet: fix a memory leak (git-fixes). - nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes). - nvmet: fix a use-after-free (git-fixes). - nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes). - nvmet: force reconnect when number of queue changes (git-fixes). - nvmet: looks at the passthrough controller when initializing CAP (git-fixes). - nvmet: only allocate a single slab for bvecs (git-fixes). - nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes). - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes). - perf/core: Fix the same task check in perf_event_set_output (git fixes). - perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes). - perf: fix perf_event_context->time (git fixes). - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes). - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes). - power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes). - power: supply: generic-adc-battery: fix unit scaling (git-fixes). - powerpc/64: Always build with 128-bit long double (bsc#1194869). - powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869). - powerpc/hv-gpci: Fix hv_gpci event list (git fixes). - powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes). - powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes). - powerpc: declare unmodified attribute_group usages const (git-fixes). - regulator: core: Avoid lockdep reports when resolving supplies (git-fixes). - regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes). - regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes). - regulator: fan53555: Explicitly include bits header (git-fixes). - regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes). - regulator: stm32-pwr: fix of_iomap leak (git-fixes). - remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes). - remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes). - remoteproc: st: Call of_node_put() on iteration error (git-fixes). - remoteproc: stm32: Call of_node_put() on iteration error (git-fixes). - rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes). - rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes). - sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)). - sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325). - sched/fair: sanitize vruntime of entity being placed (bsc#1203325). - sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)). - sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)). - scsi: aic94xx: Add missing check for dma_map_single() (git-fixes). - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes). - scsi: core: Fix a procfs host directory removal regression (git-fixes). - scsi: core: Fix a source code comment (git-fixes). - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes). - scsi: hisi_sas: Check devm_add_action() return value (git-fixes). - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes). - scsi: ipr: Work around fortify-string warning (git-fixes). - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes). - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes). - scsi: kABI workaround for fc_host_fpin_rcv (git-fixes). - scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes). - scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes). - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943). - scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943). - scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943). - scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943). - scsi: lpfc: Fix double word in comments (bsc#1210943). - scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943). - scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943). - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943). - scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943). - scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943). - scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943). - scsi: lpfc: Silence an incorrect device output (bsc#1210943). - scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943). - scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943). - scsi: megaraid_sas: Fix crash after a double completion (git-fixes). - scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes). - scsi: mpt3sas: Do not print sense pool info twice (git-fixes). - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes). - scsi: mpt3sas: Fix a memory leak (git-fixes). - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes). - scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes). - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes). - scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943). - scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes). - scsi: ses: Do not attach if enclosure has no components (git-fixes). - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes). - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes). - scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes). - seccomp: Move copy_seccomp() to no failure path (bsc#1210817). - selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes). - selftests: sigaltstack: fix -Wuninitialized (git-fixes). - selinux: ensure av_permissions.h is built when needed (git-fixes). - selinux: fix Makefile dependencies of flask.h (git-fixes). - serial: 8250: Add missing wakeup event reporting (git-fixes). - serial: 8250_bcm7271: Fix arbitration handling (git-fixes). - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes). - serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes). - signal handling: do not use BUG_ON() for debugging (bsc#1210439). - signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816). - signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816). - signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816). - soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes). - spi: cadence-quadspi: fix suspend-resume implementations (git-fixes). - spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes). - spi: qup: Do not skip cleanup in remove's error path (git-fixes). - staging: iio: resolver: ads1210: fix config mode (git-fixes). - staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes). - stat: fix inconsistency between struct stat and struct compat_stat (git-fixes). - sunrpc: only free unix grouplist after RCU settles (git-fixes). - supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759) - supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759) - tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes). - tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes). - udf: Check consistency of Space Bitmap Descriptor (bsc#1210771). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Support splicing to file (bsc#1210770). - usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). - usb: chipidea: imx: avoid unnecessary probe defer (git-fixes). - usb: dwc3: gadget: Change condition for processing suspend event (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes). - usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes). - usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes). - usb: host: xhci-rcar: remove leftover quirk handling (git-fixes). - virt/coco/sev-guest: Add throttling awareness (bsc#1209927). - virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927). - virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927). - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927). - virt/coco/sev-guest: Do some code style cleanups (bsc#1209927). - virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927). - virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927). - virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927). - virtio_ring: do not update event idx on get_buf (git-fixes). - vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes). - wifi: ath6kl: minor fix for allocation size (git-fixes). - wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes). - wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes). - wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes). - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes). - wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes). - wifi: iwlwifi: fw: move memset before early return (git-fixes). - wifi: iwlwifi: make the loop for card preparation effective (git-fixes). - wifi: iwlwifi: mvm: check firmware response size (git-fixes). - wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes). - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes). - wifi: iwlwifi: mvm: initialize seq variable (git-fixes). - wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes). - wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes). - wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes). - wifi: mac80211: adjust scan cancel comment/check (git-fixes). - wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes). - wifi: mt76: fix 6GHz high channel not be scanned (git-fixes). - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes). - wifi: mwifiex: mark OF related data as maybe unused (git-fixes). - wifi: rt2x00: Fix memory leak when handling surveys (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes). - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes). - wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes). - wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes). - writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769). - x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes). - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes). - x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes). - x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes). - x86/entry: Avoid very early RET (git-fixes). - x86/entry: Do not call error_entry() for XENPV (git-fixes). - x86/entry: Move CLD to the start of the idtentry macro (git-fixes). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes). - x86/entry: Switch the stack after error_entry() returns (git-fixes). - x86/fpu: Prevent FPU state corruption (git-fixes). - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes). - x86/msi: Fix msi message data shadow struct (git-fixes). - x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes). - x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes). - x86/tsx: Disable TSX development mode at boot (git-fixes). - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes). - xhci: fix debugfs register accesses while suspended (git-fixes). kernel-rt-5.14.21-150400.15.28.2.nosrc.rpm True kernel-rt-5.14.21-150400.15.28.2.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2254 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) containerd-1.6.19-150000.90.3.src.rpm containerd-1.6.19-150000.90.3.x86_64.rpm containerd-1.6.19-150000.90.3.s390x.rpm containerd-1.6.19-150000.90.3.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2325 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of cni fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). cni-0.7.1-150100.3.10.1.src.rpm cni-0.7.1-150100.3.10.1.x86_64.rpm cni-0.7.1-150100.3.10.1.s390x.rpm cni-0.7.1-150100.3.10.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2324 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). cni-plugins-0.8.6-150100.3.13.1.src.rpm cni-plugins-0.8.6-150100.3.13.1.x86_64.rpm cni-plugins-0.8.6-150100.3.13.1.s390x.rpm cni-plugins-0.8.6-150100.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2157 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). conmon-2.1.5-150400.3.8.1.src.rpm conmon-2.1.5-150400.3.8.1.x86_64.rpm conmon-2.1.5-150400.3.8.1.s390x.rpm conmon-2.1.5-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2139 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of ignition fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ignition-2.15.0-150400.4.2.1.src.rpm ignition-2.15.0-150400.4.2.1.x86_64.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.x86_64.rpm ignition-2.15.0-150400.4.2.1.s390x.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.s390x.rpm ignition-2.15.0-150400.4.2.1.aarch64.rpm ignition-dracut-grub2-2.15.0-150400.4.2.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2256 important SUSE Updates openSUSE-Leap-Micro 5.4 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). runc-1.1.5-150000.43.1.src.rpm runc-1.1.5-150000.43.1.x86_64.rpm runc-1.1.5-150000.43.1.s390x.rpm runc-1.1.5-150000.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2214 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - Always render block devices in hp-volume- pod template - Detect ServiceMonitor and PrometheusRule CRDs - TSC frequencies: add 250PPM tolerance (bsc#1210906) - Follow the recommended semantics for the device plugin registration process (https://github.com/kubernetes/kubernetes/issues/112395) kubevirt-0.54.0-150400.3.16.1.src.rpm kubevirt-manifests-0.54.0-150400.3.16.1.x86_64.rpm kubevirt-virtctl-0.54.0-150400.3.16.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2236 critical SUSE Updates openSUSE-Leap-Micro 5.4 This update for python-looseversion fixes the following issues: - Provide python-looseversion version 1.0.2 as new Salt 3006 dependency. (jsc#PED-4360) python-looseversion-1.0.2-150100.3.3.1.src.rpm python3-looseversion-1.0.2-150100.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2237 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) vim-9.0.1443-150000.5.43.1.src.rpm vim-data-common-9.0.1443-150000.5.43.1.noarch.rpm vim-small-9.0.1443-150000.5.43.1.x86_64.rpm xxd-9.0.1443-150000.5.43.1.x86_64.rpm vim-small-9.0.1443-150000.5.43.1.s390x.rpm xxd-9.0.1443-150000.5.43.1.s390x.rpm xxd-9.0.1443-150000.5.43.1.ppc64le.rpm vim-small-9.0.1443-150000.5.43.1.aarch64.rpm xxd-9.0.1443-150000.5.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2262 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for nftables fixes the following issue: - A crash in nftables if layer2 reject rules are processed (bsc#1210773). libnftables1-0.9.8-150300.3.6.1.x86_64.rpm nftables-0.9.8-150300.3.6.1.src.rpm nftables-0.9.8-150300.3.6.1.x86_64.rpm python3-nftables-0.9.8-150300.3.6.1.x86_64.rpm libnftables1-0.9.8-150300.3.6.1.s390x.rpm nftables-0.9.8-150300.3.6.1.s390x.rpm python3-nftables-0.9.8-150300.3.6.1.s390x.rpm libnftables1-0.9.8-150300.3.6.1.aarch64.rpm nftables-0.9.8-150300.3.6.1.aarch64.rpm python3-nftables-0.9.8-150300.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2235 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for selinux-policy fixes the following issue: - Prevent labeling of overlayfs mountpoint. selinux-policy-20221019-150400.4.3.1.noarch.rpm selinux-policy-20221019-150400.4.3.1.src.rpm selinux-policy-devel-20221019-150400.4.3.1.noarch.rpm selinux-policy-targeted-20221019-150400.4.3.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2279 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) dracut-055+suse.342.g2e6dce8e-150400.3.22.1.src.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.x86_64.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.s390x.rpm dracut-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm dracut-fips-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm dracut-mkinitrd-deprecated-055+suse.342.g2e6dce8e-150400.3.22.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2243 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20230512 release. (bsc#1211382). - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 | AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100 - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12 | AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8 | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile | CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10 | CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3 | ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3 | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6 | KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11 | RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13 | RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13 | SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx | SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable | SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max | SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4 | TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile ucode-intel-20230512-150200.24.1.src.rpm True ucode-intel-20230512-150200.24.1.x86_64.rpm True openSUSE-Leap-Micro-5.4-2023-2276 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) grub2-2.06-150400.11.33.1.src.rpm grub2-2.06-150400.11.33.1.x86_64.rpm grub2-i386-pc-2.06-150400.11.33.1.noarch.rpm grub2-snapper-plugin-2.06-150400.11.33.1.noarch.rpm grub2-x86_64-efi-2.06-150400.11.33.1.noarch.rpm grub2-x86_64-xen-2.06-150400.11.33.1.noarch.rpm grub2-2.06-150400.11.33.1.s390x.rpm grub2-s390x-emu-2.06-150400.11.33.1.s390x.rpm grub2-2.06-150400.11.33.1.aarch64.rpm grub2-arm64-efi-2.06-150400.11.33.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2307 low SUSE Updates openSUSE-Leap-Micro 5.4 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) kbd-2.4.0-150400.5.6.1.src.rpm kbd-2.4.0-150400.5.6.1.x86_64.rpm kbd-legacy-2.4.0-150400.5.6.1.noarch.rpm kbd-2.4.0-150400.5.6.1.s390x.rpm kbd-2.4.0-150400.5.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2482 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) systemd-rpm-macros-13-150000.7.33.1.noarch.rpm systemd-rpm-macros-13-150000.7.33.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2333 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) libz1-1.2.11-150000.3.45.1.x86_64.rpm zlib-1.2.11-150000.3.45.1.src.rpm zlib-devel-1.2.11-150000.3.45.1.x86_64.rpm libz1-1.2.11-150000.3.45.1.s390x.rpm zlib-devel-1.2.11-150000.3.45.1.s390x.rpm libz1-1.2.11-150000.3.45.1.aarch64.rpm zlib-devel-1.2.11-150000.3.45.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2366 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches xen-4.16.4_02-150400.4.28.1.src.rpm xen-libs-4.16.4_02-150400.4.28.1.x86_64.rpm openSUSE-Leap-Micro-5.4-2023-2313 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support c-ares-1.19.1-150000.3.23.1.src.rpm libcares2-1.19.1-150000.3.23.1.x86_64.rpm libcares2-1.19.1-150000.3.23.1.s390x.rpm libcares2-1.19.1-150000.3.23.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2347 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). cups-2.2.7-150000.3.43.1.src.rpm cups-config-2.2.7-150000.3.43.1.x86_64.rpm libcups2-2.2.7-150000.3.43.1.x86_64.rpm cups-config-2.2.7-150000.3.43.1.s390x.rpm libcups2-2.2.7-150000.3.43.1.s390x.rpm cups-config-2.2.7-150000.3.43.1.aarch64.rpm libcups2-2.2.7-150000.3.43.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2334 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). libtiff5-4.0.9-150000.45.28.1.x86_64.rpm tiff-4.0.9-150000.45.28.1.src.rpm libtiff5-4.0.9-150000.45.28.1.s390x.rpm libtiff5-4.0.9-150000.45.28.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2305 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for selinux-policy fixes the following issues: - Fix entropy daemon failing to start (bsc#1211045) selinux-policy-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm selinux-policy-20230511+git3.b78f5aff-150400.4.6.1.src.rpm selinux-policy-devel-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm selinux-policy-targeted-20230511+git3.b78f5aff-150400.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.4-2023-2311 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for s390-tools fixes the following issues: - Fix error during evaluation of ziomon data for disk type SCSI devices without block dev (bsc#1211318) libekmfweb1-2.19.0-150400.7.21.1.s390x.rpm libkmipclient1-2.19.0-150400.7.21.1.s390x.rpm s390-tools-2.19.0-150400.7.21.1.s390x.rpm s390-tools-2.19.0-150400.7.21.1.src.rpm openSUSE-Leap-Micro-5.4-2023-2342 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). libopenssl-1_1-devel-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.x86_64.rpm openssl-1_1-1.1.1l-150400.7.37.1.src.rpm openssl-1_1-1.1.1l-150400.7.37.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150400.7.37.1.s390x.rpm libopenssl1_1-1.1.1l-150400.7.37.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.s390x.rpm openssl-1_1-1.1.1l-150400.7.37.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150400.7.37.1.aarch64.rpm libopenssl1_1-1.1.1l-150400.7.37.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150400.7.37.1.aarch64.rpm openssl-1_1-1.1.1l-150400.7.37.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2363 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libnvme, nvme-cli fixes the following issues: - Fix GC in Python binding (bsc#1209905 bsc#1209131) - Fix crash when printing json output for supported log pages (bsc#1209550) - Add coverity reported fixes (bsc#1209669) - Update host_traddr when using config.json file (bsc#1210089) - Fix compiler warning (git-fixes) - Fix condition in autoconnect service (bsc#1210105) - Set version-tag so that version are correctly reported libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1.src.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.x86_64.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.src.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.x86_64.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.s390x.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.s390x.rpm libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1.aarch64.rpm nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2484 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). libldap-2_4-2-2.4.46-150200.14.14.1.x86_64.rpm libldap-data-2.4.46-150200.14.14.1.noarch.rpm openldap2-2.4.46-150200.14.14.1.src.rpm libldap-2_4-2-2.4.46-150200.14.14.1.s390x.rpm libldap-2_4-2-2.4.46-150200.14.14.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2356 moderate SUSE Updates openSUSE-Leap-Micro 5.4 This update for libvirt fixes the following issues: - CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: - Fixed a potential crash during driver cleanup (bsc#1209861). - Added Apparmor support for SUSE edk2 firmware paths (boo#1208567). - Fixed lxc container initialization with systemd and hybrid groups (boo#1183247). - Added the option to specify the virtual CPU address size in bits for qemu (bsc#1199583). libvirt-8.0.0-150400.7.6.1.src.rpm libvirt-client-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.x86_64.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.x86_64.rpm libvirt-libs-8.0.0-150400.7.6.1.x86_64.rpm libvirt-client-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.s390x.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.s390x.rpm libvirt-libs-8.0.0-150400.7.6.1.s390x.rpm libvirt-client-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-interface-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-network-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-secret-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1.aarch64.rpm libvirt-daemon-qemu-8.0.0-150400.7.6.1.aarch64.rpm libvirt-libs-8.0.0-150400.7.6.1.aarch64.rpm openSUSE-Leap-Micro-5.4-2023-2495 important SUSE Updates openSUSE-Leap-Micro 5.4 This update for libzypp fixes the following issues: - Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] libzypp-17.31.13-150400.3.30.1.src.rpm True libzypp-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-17.31.13-150400.3.30.1.s390x.rpm True libzypp-17.31.13-150400.3.30.1.aarch64.rpm True