openSUSE-Leap-Micro-5.5-2023-3082 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for qemu fixes the following issues: - CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414). - CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205). - CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968). - CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Bugfixes: - hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993) - Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740). qemu-7.1.0-150500.49.6.1.src.rpm qemu-7.1.0-150500.49.6.1.x86_64.rpm qemu-accel-tcg-x86-7.1.0-150500.49.6.1.x86_64.rpm qemu-audio-spice-7.1.0-150500.49.6.1.x86_64.rpm qemu-block-curl-7.1.0-150500.49.6.1.x86_64.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.x86_64.rpm qemu-guest-agent-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.x86_64.rpm qemu-ipxe-1.0.0+-150500.49.6.1.noarch.rpm qemu-seabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm qemu-sgabios-8-150500.49.6.1.noarch.rpm qemu-tools-7.1.0-150500.49.6.1.x86_64.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.x86_64.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.x86_64.rpm qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm qemu-x86-7.1.0-150500.49.6.1.x86_64.rpm qemu-7.1.0-150500.49.6.1.s390x.rpm qemu-audio-spice-7.1.0-150500.49.6.1.s390x.rpm qemu-block-curl-7.1.0-150500.49.6.1.s390x.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.s390x.rpm qemu-guest-agent-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.s390x.rpm qemu-s390x-7.1.0-150500.49.6.1.s390x.rpm qemu-tools-7.1.0-150500.49.6.1.s390x.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.s390x.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.s390x.rpm qemu-7.1.0-150500.49.6.1.aarch64.rpm qemu-arm-7.1.0-150500.49.6.1.aarch64.rpm qemu-audio-spice-7.1.0-150500.49.6.1.aarch64.rpm qemu-block-curl-7.1.0-150500.49.6.1.aarch64.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.aarch64.rpm qemu-guest-agent-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.aarch64.rpm qemu-tools-7.1.0-150500.49.6.1.aarch64.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.aarch64.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3850 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for evolution and its dependencies fixes the following issues: evolution: - Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858) bogofilter, evolution-data-server, gcr, geocode-glib, gjs, glade, gnome-autoar, gnome-desktop, gnome-online-accounts, gsl, gspell, gtkspell3, libcanberra, libgdata, libgweather, libical, liboauth, libphonenumber, librest, libxkbcommon, mozjs78: - Deliver missing direct and indirect dependencies of evolution to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le and s390x - There are NO code changes libxkbcommon-1.3.0-150400.3.2.2.src.rpm libxkbcommon0-1.3.0-150400.3.2.2.x86_64.rpm libxkbcommon0-1.3.0-150400.3.2.2.s390x.rpm libxkbcommon0-1.3.0-150400.3.2.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3817 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). containerd-1.6.21-150000.95.1.src.rpm containerd-1.6.21-150000.95.1.x86_64.rpm containerd-1.6.21-150000.95.1.s390x.rpm containerd-1.6.21-150000.95.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3952 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8>. - rebuild the package with the go 1.21 security release (bsc#1212475). runc-1.1.8-150000.49.1.src.rpm runc-1.1.8-150000.49.1.x86_64.rpm runc-1.1.8-150000.49.1.s390x.rpm runc-1.1.8-150000.49.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3637 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for cloud-netconfig fixes the following issues: - Update to version 1.8: - Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) cloud-netconfig-azure-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-azure-1.8-150000.25.11.1.src.rpm cloud-netconfig-ec2-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-ec2-1.8-150000.25.11.1.src.rpm cloud-netconfig-gce-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-gce-1.8-150000.25.11.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3780 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. hidapi-0.10.1-150300.3.2.1.src.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.x86_64.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.s390x.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3822 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) supportutils-3.1.26-150300.7.35.21.1.noarch.rpm supportutils-3.1.26-150300.7.35.21.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3666 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). libxml2-2-2.10.3-150500.5.8.1.x86_64.rpm libxml2-2.10.3-150500.5.8.1.src.rpm libxml2-python-2.10.3-150500.5.8.1.src.rpm libxml2-tools-2.10.3-150500.5.8.1.x86_64.rpm python3-libxml2-2.10.3-150500.5.8.1.x86_64.rpm libxml2-2-2.10.3-150500.5.8.1.s390x.rpm libxml2-tools-2.10.3-150500.5.8.1.s390x.rpm python3-libxml2-2.10.3-150500.5.8.1.s390x.rpm libxml2-2-2.10.3-150500.5.8.1.aarch64.rpm libxml2-tools-2.10.3-150500.5.8.1.aarch64.rpm python3-libxml2-2.10.3-150500.5.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3707 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). cups-2.2.7-150000.3.51.2.src.rpm cups-config-2.2.7-150000.3.51.2.x86_64.rpm libcups2-2.2.7-150000.3.51.2.x86_64.rpm cups-config-2.2.7-150000.3.51.2.s390x.rpm libcups2-2.2.7-150000.3.51.2.s390x.rpm cups-config-2.2.7-150000.3.51.2.aarch64.rpm libcups2-2.2.7-150000.3.51.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3654 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.57.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.57.0 containerized-data-importer-1.57.0-150500.6.3.1.src.rpm containerized-data-importer-manifests-1.57.0-150500.6.3.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-3655 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: kubevirt was updated to fix: - Fix leaking file descriptor - Fix volume detach on hotplug attachment pod delete - Fix leaking tickers - Run helper pod as qemu user - SCSI reservation: fix leftover mount and resource permissions - Bump client-go (fix possible panic in discovery) - Wait for new hotplug attachment pod to be ready - Adapt the storage tests to the new populators flow - Create export VM datavolumes compatible with populators - Delete VMI prior to NFS server pod in tests - Use compat cmdline options for virtiofsd - Update to version 1.0.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.0 - Switch to qemu user (107) - Initial container for qemu-pr-helper kubevirt-1.0.0-150500.8.3.1.src.rpm kubevirt-manifests-1.0.0-150500.8.3.1.x86_64.rpm kubevirt-virtctl-1.0.0-150500.8.3.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-3954 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078) libeconf-0.5.2-150400.3.6.1.src.rpm libeconf0-0.5.2-150400.3.6.1.x86_64.rpm libeconf0-0.5.2-150400.3.6.1.s390x.rpm libeconf0-0.5.2-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3716 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.4+29.ga3cf0a - Fix segfault in nvme_scan_subsystem() (bsc#1213993) - Fix segfault converting NULL to JSON string (bsc#1213762) libnvme-1.4+29.ga3cf0a-150500.4.9.1.src.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.src.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.x86_64.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.s390x.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3843 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc suse-build-key-12.0-150000.8.34.1.noarch.rpm suse-build-key-12.0-150000.8.34.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3663 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode perl-Bootloader-0.945-150400.3.9.1.src.rpm perl-Bootloader-0.945-150400.3.9.1.x86_64.rpm perl-Bootloader-0.945-150400.3.9.1.s390x.rpm perl-Bootloader-0.945-150400.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3828 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). libpython3_6m1_0-3.6.15-150300.10.51.1.x86_64.rpm python3-3.6.15-150300.10.51.1.src.rpm python3-3.6.15-150300.10.51.1.x86_64.rpm python3-base-3.6.15-150300.10.51.1.x86_64.rpm python3-core-3.6.15-150300.10.51.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.51.1.s390x.rpm python3-3.6.15-150300.10.51.1.s390x.rpm python3-base-3.6.15-150300.10.51.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.51.1.aarch64.rpm python3-3.6.15-150300.10.51.1.aarch64.rpm python3-base-3.6.15-150300.10.51.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4052 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) babeltrace-1.5.8-150300.3.2.1.src.rpm babeltrace-1.5.8-150300.3.2.1.x86_64.rpm babeltrace-1.5.8-150300.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3798 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libcontainers-common fixes the following issues: - Require libcontainers-sles-mounts for *all* SLE products, and not just SLES. (bsc#1215291) libcontainers-common-20230214-150500.4.6.1.noarch.rpm libcontainers-common-20230214-150500.4.6.1.src.rpm libcontainers-sles-mounts-20230214-150500.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4162 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.3.3.src.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.s390x.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.s390x.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.aarch64.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4194 low SUSE Updates openSUSE-Leap-Micro 5.5 This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. python3-cryptography-3.3.2-150400.20.3.src.rpm python3-cryptography-3.3.2-150400.20.3.x86_64.rpm python3-cryptography-3.3.2-150400.20.3.s390x.rpm python3-cryptography-3.3.2-150400.20.3.ppc64le.rpm python3-cryptography-3.3.2-150400.20.3.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4153 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) libsystemd0-249.16-150400.8.35.5.x86_64.rpm libudev1-249.16-150400.8.35.5.x86_64.rpm systemd-249.16-150400.8.35.5.src.rpm systemd-249.16-150400.8.35.5.x86_64.rpm systemd-container-249.16-150400.8.35.5.x86_64.rpm systemd-journal-remote-249.16-150400.8.35.5.x86_64.rpm systemd-sysvinit-249.16-150400.8.35.5.x86_64.rpm udev-249.16-150400.8.35.5.x86_64.rpm libsystemd0-249.16-150400.8.35.5.s390x.rpm libudev1-249.16-150400.8.35.5.s390x.rpm systemd-249.16-150400.8.35.5.s390x.rpm systemd-container-249.16-150400.8.35.5.s390x.rpm systemd-journal-remote-249.16-150400.8.35.5.s390x.rpm systemd-sysvinit-249.16-150400.8.35.5.s390x.rpm udev-249.16-150400.8.35.5.s390x.rpm libsystemd0-249.16-150400.8.35.5.aarch64.rpm libudev1-249.16-150400.8.35.5.aarch64.rpm systemd-249.16-150400.8.35.5.aarch64.rpm systemd-container-249.16-150400.8.35.5.aarch64.rpm systemd-journal-remote-249.16-150400.8.35.5.aarch64.rpm systemd-sysvinit-249.16-150400.8.35.5.aarch64.rpm udev-249.16-150400.8.35.5.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4154 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.src.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.x86_64.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.s390x.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4141 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) grub2-2.06-150500.29.8.1.src.rpm grub2-2.06-150500.29.8.1.x86_64.rpm grub2-i386-pc-2.06-150500.29.8.1.noarch.rpm grub2-snapper-plugin-2.06-150500.29.8.1.noarch.rpm grub2-x86_64-efi-2.06-150500.29.8.1.noarch.rpm grub2-x86_64-xen-2.06-150500.29.8.1.noarch.rpm grub2-2.06-150500.29.8.1.s390x.rpm grub2-s390x-emu-2.06-150500.29.8.1.s390x.rpm grub2-2.06-150500.29.8.1.aarch64.rpm grub2-arm64-efi-2.06-150500.29.8.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3978 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Cope better with duplicate entries in /etc/exports (bsc#1212594) - Allow scope to be set in sysconfig: NFSD_SCOPE nfs-client-2.1.1-150500.22.3.1.x86_64.rpm nfs-kernel-server-2.1.1-150500.22.3.1.x86_64.rpm nfs-utils-2.1.1-150500.22.3.1.src.rpm nfs-client-2.1.1-150500.22.3.1.s390x.rpm nfs-kernel-server-2.1.1-150500.22.3.1.s390x.rpm nfs-client-2.1.1-150500.22.3.1.aarch64.rpm nfs-kernel-server-2.1.1-150500.22.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3971 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). - PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) - Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). - SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK &lt;= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). - drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). - fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). - iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: Ignore newly added SRSO mitigation functions - kabi: Allow extra bugsints (bsc#1213927). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: Check bus width while setting QE bit (git-fixes). - mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). - n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). - net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: Fix SRSO mess (git-fixes). - objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). - objtool: Union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - pinctrl: amd: Mask wake bits on probe again (git-fixes). - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: Fix reference leak (git-fixes). - powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). - powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: Check start of empty przs during init (git-fixes). - pwm: Add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: Simplify duplicated per-channel tracking (git-fixes). - pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes). - qed: Fix scheduling in a tasklet while getting stats (git-fixes). - regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). - ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). - rpm/mkspec-dtb: support for nested subdirs - rpmsg: glink: Add check for kstrdup (git-fixes). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). - sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: RDMA/srp: Fix residual handling (git-fixes) - scsi: bsg: Increase number of devices (bsc#1210048). - scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: sg: Increase number of devices (bsc#1210048). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes). - scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). - selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). - selftests/futex: Order calls to futex_lock_pi (git-fixes). - selftests/harness: Actually report SKIP for signal tests (git-fixes). - selftests/resctrl: Close perf value read fd on errors (git-fixes). - selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: Skip test when no interfaces are specified (git-fixes). - selftests: forwarding: Switch off timeout (git-fixes). - selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). - selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_flower: Relax success criterion (git-fixes). - selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). - serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: Fix DMA buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). - smb: client: Fix -Wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: Fix not to count error code to total length (git-fixes). - tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). - ubifs: Fix memleak when insert_old_idx() failed (git-fixes). - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). - usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). - usb: dwc3: Fix typos in gadget.c (git-fixes). - usb: dwc3: Properly handle processing of pending events (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for Focusrite Scarlett (git-fixes). - usb: serial: option: add Quectel EC200A module support (git-fixes). - usb: serial: option: support Quectel EM060K_128 (git-fixes). - usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). - wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: Fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). - wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). - wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - x86/alternative: Make custom return thunk unconditional (git-fixes). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Clean up SRSO return thunk mess (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). - x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). - x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). - x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). - x86/hyperv: Reorder code to facilitate future work (bsc#1206453). - x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). - x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86/srso: Fix return thunks in generated code (git-fixes). - x86/static_call: Fix __static_call_fixup() (git-fixes). - x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). - x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). - x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-default-5.14.21-150500.55.28.1.nosrc.rpm True kernel-default-5.14.21-150500.55.28.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.src.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.x86_64.rpm True kernel-default-5.14.21-150500.55.28.1.s390x.rpm True kernel-default-5.14.21-150500.55.28.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4304 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.1.3 (bsc#1214801): * Fixes an issue when it is unable to register a 'payg' instance. cloud-regionsrv-client-10.1.3-150000.6.99.1.noarch.rpm cloud-regionsrv-client-10.1.3-150000.6.99.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3951 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. python-jmespath-0.9.3-150000.3.5.1.src.rpm python-ply-3.10-150000.3.5.1.src.rpm python3-jmespath-0.9.3-150000.3.5.1.noarch.rpm python3-ply-3.10-150000.3.5.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3997 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). libnghttp2-14-1.40.0-150200.9.1.x86_64.rpm nghttp2-1.40.0-150200.9.1.src.rpm libnghttp2-14-1.40.0-150200.9.1.s390x.rpm libnghttp2-14-1.40.0-150200.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3988 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192). - CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Free released resource after coalescing (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). - PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) - Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes). - Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). - Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). - arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Clear the probe_addr for uprobe (git-fixes). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Add smu write msg id fail retry process (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK &lt;= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Remove wait while locked (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). - drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). - fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). - iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: Ignore newly added SRSO mitigation functions - kabi/severities: ignore mlx4 internal symbols - kabi: Allow extra bugsints (bsc#1213927). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: Check bus width while setting QE bit (git-fixes). - mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). - n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: Fix SRSO mess (git-fixes). - objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). - objtool: Union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - pinctrl: amd: Mask wake bits on probe again (git-fixes). - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: dell-sysman: Fix reference leak (git-fixes). - powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). - powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: Check start of empty przs during init (git-fixes). - pwm: Add a stub for devm_pwmchip_add() (git-fixes). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - pwm: meson: Simplify duplicated per-channel tracking (git-fixes). - pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes). - qed: Fix scheduling in a tasklet while getting stats (git-fixes). - regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). - ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). - rpm/mkspec-dtb: support for nested subdirs. - rpmsg: glink: Add check for kstrdup (git-fixes). - rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension). - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). - sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: RDMA/srp: Fix residual handling (git-fixes) - scsi: bsg: Increase number of devices (bsc#1210048). - scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: sg: Increase number of devices (bsc#1210048). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes). - scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). - selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). - selftests/futex: Order calls to futex_lock_pi (git-fixes). - selftests/harness: Actually report SKIP for signal tests (git-fixes). - selftests/resctrl: Close perf value read fd on errors (git-fixes). - selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: Skip test when no interfaces are specified (git-fixes). - selftests: forwarding: Switch off timeout (git-fixes). - selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). - selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_flower: Relax success criterion (git-fixes). - selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). - serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: Fix DMA buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). - smb: client: Fix -Wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: Fix not to count error code to total length (git-fixes). - tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). - ubifs: Fix memleak when insert_old_idx() failed (git-fixes). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). - usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). - usb: dwc3: Fix typos in gadget.c (git-fixes). - usb: dwc3: Properly handle processing of pending events (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for Focusrite Scarlett (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EC200A module support (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: serial: option: support Quectel EM060K_128 (git-fixes). - usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). - wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: Fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). - wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). - wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/alternative: Make custom return thunk unconditional (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/cpu: Clean up SRSO return thunk mess (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). - x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). - x86/hyperv: Reorder code to facilitate future work (bsc#1206453). - x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). - x86/purgatory: remove PGO flags (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86/srso: Fix return thunks in generated code (git-fixes). - x86/static_call: Fix __static_call_fixup() (git-fixes). - x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). - x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). - x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-rt-5.14.21-150500.13.18.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.18.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-3963 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). libX11-1.6.5-150000.3.33.1.src.rpm libX11-6-1.6.5-150000.3.33.1.x86_64.rpm libX11-data-1.6.5-150000.3.33.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.33.1.x86_64.rpm libX11-6-1.6.5-150000.3.33.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.33.1.s390x.rpm libX11-6-1.6.5-150000.3.33.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.33.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4143 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty. harfbuzz-3.4.0-150400.3.8.1.src.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz0-3.4.0-150400.3.8.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.s390x.rpm libharfbuzz0-3.4.0-150400.3.8.1.s390x.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.s390x.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.aarch64.rpm libharfbuzz0-3.4.0-150400.3.8.1.aarch64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3970 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for dracut fixes the following issues: - Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) dracut-055+suse.371.g5237e44a-150500.3.12.1.src.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3994 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) git-2.35.3-150300.10.30.1.src.rpm git-2.35.3-150300.10.30.1.x86_64.rpm git-core-2.35.3-150300.10.30.1.x86_64.rpm perl-Git-2.35.3-150300.10.30.1.x86_64.rpm git-2.35.3-150300.10.30.1.s390x.rpm git-core-2.35.3-150300.10.30.1.s390x.rpm perl-Git-2.35.3-150300.10.30.1.s390x.rpm git-2.35.3-150300.10.30.1.aarch64.rpm git-core-2.35.3-150300.10.30.1.aarch64.rpm perl-Git-2.35.3-150300.10.30.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4110 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) glibc-2.31-150300.63.1.src.rpm glibc-2.31-150300.63.1.x86_64.rpm glibc-devel-2.31-150300.63.1.x86_64.rpm glibc-locale-2.31-150300.63.1.x86_64.rpm glibc-locale-base-2.31-150300.63.1.x86_64.rpm glibc-2.31-150300.63.1.s390x.rpm glibc-devel-2.31-150300.63.1.s390x.rpm glibc-locale-2.31-150300.63.1.s390x.rpm glibc-locale-base-2.31-150300.63.1.s390x.rpm glibc-2.31-150300.63.1.aarch64.rpm glibc-devel-2.31-150300.63.1.aarch64.rpm glibc-locale-2.31-150300.63.1.aarch64.rpm glibc-locale-base-2.31-150300.63.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4112 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issue: - Ship correct open-vm-tools version to 15-SP4 (bsc#1205927) libvmtools0-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-12.3.0-150300.40.1.src.rpm open-vm-tools-12.3.0-150300.40.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4231 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-kiwi fixes the following issues: - Add SECURE_BOOT no when the firmware is efi (bsc#1211102) dracut-kiwi-lib-9.24.43-150100.3.62.1.x86_64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.x86_64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.x86_64.rpm python-kiwi-9.24.43-150100.3.62.1.src.rpm dracut-kiwi-lib-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-lib-9.24.43-150100.3.62.1.aarch64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.aarch64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4088 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libguestfs fixes the following issues: - Unable to determine guest architecture (bsc#1215543, bsc#1215461) - Non-functional network due to missing sysconfig-netconfig (bsc#1215586) - Cannot find any suitable libguestfs supermin (bsc#1212972, bsc#1215664) libguestfs-1.48.6-150500.3.8.1.src.rpm libguestfs0-1.48.6-150500.3.8.1.x86_64.rpm libguestfs0-1.48.6-150500.3.8.1.s390x.rpm libguestfs0-1.48.6-150500.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4003 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) apparmor-3.0.4-150500.11.9.1.src.rpm apparmor-parser-3.0.4-150500.11.9.1.x86_64.rpm libapparmor-3.0.4-150500.11.9.1.src.rpm libapparmor1-3.0.4-150500.11.9.1.x86_64.rpm pam_apparmor-3.0.4-150500.11.9.1.x86_64.rpm apparmor-parser-3.0.4-150500.11.9.1.s390x.rpm libapparmor1-3.0.4-150500.11.9.1.s390x.rpm pam_apparmor-3.0.4-150500.11.9.1.s390x.rpm apparmor-parser-3.0.4-150500.11.9.1.aarch64.rpm libapparmor1-3.0.4-150500.11.9.1.aarch64.rpm pam_apparmor-3.0.4-150500.11.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4138 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. systemd-rpm-macros-14-150000.7.36.1.noarch.rpm systemd-rpm-macros-14-150000.7.36.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4177 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for sssd fixes the following issues: - LDAP password policy: return failure if there are no grace logins left (bsc#1214434) libsss_certmap0-2.5.2-150500.10.6.1.x86_64.rpm libsss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm sssd-2.5.2-150500.10.6.1.src.rpm sssd-2.5.2-150500.10.6.1.x86_64.rpm sssd-common-2.5.2-150500.10.6.1.x86_64.rpm sssd-krb5-common-2.5.2-150500.10.6.1.x86_64.rpm sssd-ldap-2.5.2-150500.10.6.1.x86_64.rpm libsss_certmap0-2.5.2-150500.10.6.1.s390x.rpm libsss_idmap0-2.5.2-150500.10.6.1.s390x.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.s390x.rpm sssd-2.5.2-150500.10.6.1.s390x.rpm sssd-common-2.5.2-150500.10.6.1.s390x.rpm sssd-krb5-common-2.5.2-150500.10.6.1.s390x.rpm sssd-ldap-2.5.2-150500.10.6.1.s390x.rpm libsss_certmap0-2.5.2-150500.10.6.1.aarch64.rpm libsss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm sssd-2.5.2-150500.10.6.1.aarch64.rpm sssd-common-2.5.2-150500.10.6.1.aarch64.rpm sssd-krb5-common-2.5.2-150500.10.6.1.aarch64.rpm sssd-ldap-2.5.2-150500.10.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4453 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. libjansson-2.14-150000.3.5.1.src.rpm libjansson4-2.14-150000.3.5.1.x86_64.rpm libjansson4-2.14-150000.3.5.1.s390x.rpm libjansson4-2.14-150000.3.5.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4044 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) curl-8.0.1-150400.5.32.1.src.rpm curl-8.0.1-150400.5.32.1.x86_64.rpm libcurl4-8.0.1-150400.5.32.1.x86_64.rpm curl-8.0.1-150400.5.32.1.s390x.rpm libcurl4-8.0.1-150400.5.32.1.s390x.rpm curl-8.0.1-150400.5.32.1.aarch64.rpm libcurl4-8.0.1-150400.5.32.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4022 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for conmon fixes the following issues: conmon is rebuild with go1.21 to capture current stability, bug and security fixes. (bsc#1215806) conmon-2.1.7-150500.9.6.1.src.rpm conmon-2.1.7-150500.9.6.1.x86_64.rpm conmon-2.1.7-150500.9.6.1.s390x.rpm conmon-2.1.7-150500.9.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4450 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) crypto-policies-20210917.c9d86d1-150400.3.6.1.noarch.rpm crypto-policies-20210917.c9d86d1-150400.3.6.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4046 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905) - CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906) - CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908) samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1.src.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.x86_64.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.s390x.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4071 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). - ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: Add smu write msg id fail retry process (git-fixes). - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). - drm/amd/display: Remove wait while locked (git-fixes). - drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). kernel-default-5.14.21-150500.55.31.1.nosrc.rpm True kernel-default-5.14.21-150500.55.31.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.src.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.x86_64.rpm True kernel-default-5.14.21-150500.55.31.1.s390x.rpm True kernel-default-5.14.21-150500.55.31.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4108 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). python-urllib3-1.25.10-150300.4.6.1.src.rpm python3-urllib3-1.25.10-150300.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4035 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) The following non-security bugs were fixed: - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). - ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - nfs/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). - nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). kernel-rt-5.14.21-150500.13.21.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.21.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4054 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744) - CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746) - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747) - CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748) - CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748) xen-4.17.2_06-150500.3.12.1.src.rpm xen-libs-4.17.2_06-150500.3.12.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4076 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). cni-1.1.2-150500.3.2.1.src.rpm cni-1.1.2-150500.3.2.1.x86_64.rpm cni-1.1.2-150500.3.2.1.s390x.rpm cni-1.1.2-150500.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4075 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). cni-plugins-1.1.1-150500.3.2.1.src.rpm cni-plugins-1.1.1-150500.3.2.1.x86_64.rpm cni-plugins-1.1.1-150500.3.2.1.s390x.rpm cni-plugins-1.1.1-150500.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4089 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). opensc-0.22.0-150400.3.6.1.src.rpm opensc-0.22.0-150400.3.6.1.x86_64.rpm opensc-0.22.0-150400.3.6.1.s390x.rpm opensc-0.22.0-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4105 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for openssl-1_1 fixes the following issues: - Displays "fips" in the version string (bsc#1215215) libopenssl-1_1-devel-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl1_1-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.x86_64.rpm openssl-1_1-1.1.1l-150500.17.19.1.src.rpm openssl-1_1-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150500.17.19.1.s390x.rpm libopenssl1_1-1.1.1l-150500.17.19.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.s390x.rpm openssl-1_1-1.1.1l-150500.17.19.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150500.17.19.1.aarch64.rpm libopenssl1_1-1.1.1l-150500.17.19.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.aarch64.rpm openssl-1_1-1.1.1l-150500.17.19.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4388 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python-simplejson-3.17.2-150300.3.4.1.src.rpm True python3-simplejson-3.17.2-150300.3.4.1.x86_64.rpm True python3-simplejson-3.17.2-150300.3.4.1.s390x.rpm True python3-simplejson-3.17.2-150300.3.4.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4386 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python3-salt-3006.0-150500.4.24.2.x86_64.rpm True salt-3006.0-150500.4.24.2.src.rpm True salt-3006.0-150500.4.24.2.x86_64.rpm True salt-minion-3006.0-150500.4.24.2.x86_64.rpm True salt-transactional-update-3006.0-150500.4.24.2.x86_64.rpm True python3-salt-3006.0-150500.4.24.2.s390x.rpm True salt-3006.0-150500.4.24.2.s390x.rpm True salt-minion-3006.0-150500.4.24.2.s390x.rpm True salt-transactional-update-3006.0-150500.4.24.2.s390x.rpm True python3-salt-3006.0-150500.4.24.2.aarch64.rpm True salt-3006.0-150500.4.24.2.aarch64.rpm True salt-minion-3006.0-150500.4.24.2.aarch64.rpm True salt-transactional-update-3006.0-150500.4.24.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4139 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages containerd-1.7.7-150000.100.1.src.rpm containerd-1.7.7-150000.100.1.x86_64.rpm runc-1.1.9-150000.52.2.src.rpm runc-1.1.9-150000.52.2.x86_64.rpm containerd-1.7.7-150000.100.1.s390x.rpm runc-1.1.9-150000.52.2.s390x.rpm containerd-1.7.7-150000.100.1.aarch64.rpm runc-1.1.9-150000.52.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4538 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for screen fixes the following issue: - screen is shipped to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. screen-4.6.2-150000.5.5.1.src.rpm screen-4.6.2-150000.5.5.1.x86_64.rpm screen-4.6.2-150000.5.5.1.s390x.rpm screen-4.6.2-150000.5.5.1.ppc64le.rpm screen-4.6.2-150000.5.5.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4268 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) libpci3-3.5.6-150300.13.6.1.x86_64.rpm pciutils-3.5.6-150300.13.6.1.src.rpm pciutils-3.5.6-150300.13.6.1.x86_64.rpm libpci3-3.5.6-150300.13.6.1.s390x.rpm pciutils-3.5.6-150300.13.6.1.s390x.rpm libpci3-3.5.6-150300.13.6.1.aarch64.rpm pciutils-3.5.6-150300.13.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4136 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for suse-module-tools fixes the following issues: - Update to version 15.5.3: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). suse-module-tools-15.5.3-150500.3.6.1.src.rpm suse-module-tools-15.5.3-150500.3.6.1.x86_64.rpm suse-module-tools-15.5.3-150500.3.6.1.s390x.rpm suse-module-tools-15.5.3-150500.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4192 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libssh2_org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040] Update to 1.11.0: * Enhancements and bugfixes - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake "unity" builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: now parses attribute extensions if they exist - SFTP: no longer will busy loop if SFTP fails to initialize - SFTP: now clear various errors as expected - SFTP: no longer skips files if the line buffer is too small - SCP: add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x - Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed "old gex" build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Bump to version 1.10.0 * Enhancements and bugfixes: * support ECDSA certificate authentication * fix detailed _libssh2_error being overwritten by generic errors * unified error handling * fix _libssh2_random() silently discarding errors * don't error if using keys without RSA * avoid OpenSSL latent error in FIPS mode * fix EVP_Cipher interface change in openssl 3 * fix potential overwrite of buffer when reading stdout of command * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data * correct a typo which may lead to stack overflow * fix random big number generation to match openssl * added key exchange group16-sha512 and group18-sha512. * add support for an OSS Fuzzer fuzzing target * adds support for ECDSA for both key exchange and host key algorithms * clean up curve25519 code * update the min, preferred and max DH group values based on RFC 8270. * changed type of LIBSSH2_FX_* constants to unsigned long * added diffie-hellman-group14-sha256 kex * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x. * fixes crash with delayed compression option using Bitvise server. * adds support for PKIX key reading * use new API to parse data in packet_x11_open() for better bounds checking. * double the static buffer size when reading and writing known hosts * improved bounds checking in packet_queue_listener * improve message parsing (CVE-2019-17498) * improve bounds checking in kex_agree_methods() * adding SSH agent forwarding. * fix agent forwarding message, updated example. * added integration test code and cmake target. Added example to cmake list. * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero. * add an EWOULDBLOCK check for better portability * fix off by one error when loading public keys with no id * fix use-after-free crash on reinitialization of openssl backend * preserve error info from agent_list_identities() * make sure the error code is set in _libssh2_channel_open() * fixed misspellings * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type` * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type libssh2-1-1.11.0-150000.4.19.1.x86_64.rpm libssh2_org-1.11.0-150000.4.19.1.src.rpm libssh2-1-1.11.0-150000.4.19.1.s390x.rpm libssh2-1-1.11.0-150000.4.19.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4200 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) libnghttp2-14-1.40.0-150200.12.1.x86_64.rpm nghttp2-1.40.0-150200.12.1.src.rpm libnghttp2-14-1.40.0-150200.12.1.s390x.rpm libnghttp2-14-1.40.0-150200.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4225 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) libzck1-1.1.16-150400.3.7.1.x86_64.rpm zchunk-1.1.16-150400.3.7.1.src.rpm libzck1-1.1.16-150400.3.7.1.s390x.rpm libzck1-1.1.16-150400.3.7.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4215 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). libz1-1.2.13-150500.4.3.1.x86_64.rpm zlib-1.2.13-150500.4.3.1.src.rpm zlib-devel-1.2.13-150500.4.3.1.x86_64.rpm libz1-1.2.13-150500.4.3.1.s390x.rpm zlib-devel-1.2.13-150500.4.3.1.s390x.rpm libz1-1.2.13-150500.4.3.1.aarch64.rpm zlib-devel-1.2.13-150500.4.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4310 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir libtirpc-1.3.4-150300.3.20.1.src.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.x86_64.rpm libtirpc3-1.3.4-150300.3.20.1.x86_64.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.s390x.rpm libtirpc3-1.3.4-150300.3.20.1.s390x.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.aarch64.rpm libtirpc3-1.3.4-150300.3.20.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4227 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). libvmtools0-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-12.3.0-150300.43.1.src.rpm open-vm-tools-12.3.0-150300.43.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4583 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). python-psutil-5.9.1-150300.3.6.1.src.rpm python-requests-2.25.1-150300.3.6.1.src.rpm python3-psutil-5.9.1-150300.3.6.1.x86_64.rpm python3-requests-2.25.1-150300.3.6.1.noarch.rpm python3-psutil-5.9.1-150300.3.6.1.s390x.rpm python3-psutil-5.9.1-150300.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4534 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) libzypp-17.31.22-150400.3.43.1.src.rpm True libzypp-17.31.22-150400.3.43.1.x86_64.rpm True zypper-1.14.66-150400.3.35.1.src.rpm True zypper-1.14.66-150400.3.35.1.x86_64.rpm True zypper-needs-restarting-1.14.66-150400.3.35.1.noarch.rpm True libzypp-17.31.22-150400.3.43.1.s390x.rpm True zypper-1.14.66-150400.3.35.1.s390x.rpm True libzypp-17.31.22-150400.3.43.1.aarch64.rpm True zypper-1.14.66-150400.3.35.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4467 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). python-urllib3-1.25.10-150300.4.9.1.src.rpm python3-urllib3-1.25.10-150300.4.9.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4503 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). avahi-0.8-150400.7.10.1.src.rpm avahi-0.8-150400.7.10.1.x86_64.rpm libavahi-client3-0.8-150400.7.10.1.x86_64.rpm libavahi-common3-0.8-150400.7.10.1.x86_64.rpm libavahi-core7-0.8-150400.7.10.1.x86_64.rpm avahi-0.8-150400.7.10.1.s390x.rpm libavahi-client3-0.8-150400.7.10.1.s390x.rpm libavahi-common3-0.8-150400.7.10.1.s390x.rpm libavahi-core7-0.8-150400.7.10.1.s390x.rpm avahi-0.8-150400.7.10.1.aarch64.rpm libavahi-client3-0.8-150400.7.10.1.aarch64.rpm libavahi-common3-0.8-150400.7.10.1.aarch64.rpm libavahi-core7-0.8-150400.7.10.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4375 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek - Fixed two speaker platform (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). - ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - bonding: Fix extraction of ports from the packet headers (bsc#1214754). - bonding: Return pointer to data after pull on skb (bsc#1214754). - bonding: do not assume skb mac_header is set (bsc#1214754). - bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). - bpf: Add override check to kprobe multi link attach (git-fixes). - bpf: Add zero_map_value to zero map value with special fields (git-fixes). - bpf: Cleanup check_refcount_ok (git-fixes). - bpf: Fix max stack depth check for async callbacks (git-fixes). - bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). - bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). - bpf: Fix resetting logic for unreferenced kptrs (git-fixes). - bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). - bpf: Gate dynptr API behind CAP_BPF (git-fixes). - bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). - bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). - bpf: Tighten ptr_to_btf_id checks (git-fixes). - bpf: fix precision propagation verbose logging (git-fixes). - bpf: prevent decl_tag from being referenced in func_proto (git-fixes). - bpf: propagate precision across all frames, not just the last one (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - btf: Export bpf_dynptr definition (git-fixes). - btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). - ceph: add encryption support to writepage and writepages (jsc#SES-1880). - ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). - ceph: add helpers for converting names for userland presentation (jsc#SES-1880). - ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). - ceph: add new mount option to enable sparse reads (jsc#SES-1880). - ceph: add object version support for sync read (jsc#SES-1880). - ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). - ceph: add some fscrypt guardrails (jsc#SES-1880). - ceph: add support for encrypted snapshot names (jsc#SES-1880). - ceph: add support to readdir for encrypted names (jsc#SES-1880). - ceph: add truncate size handling support for fscrypt (jsc#SES-1880). - ceph: align data in pages in ceph_sync_write (jsc#SES-1880). - ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). - ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). - ceph: decode alternate_name in lease info (jsc#SES-1880). - ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). - ceph: drop messages from MDS when unmounting (jsc#SES-1880). - ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). - ceph: fix type promotion bug on 32bit systems (bsc#1216324). - ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). - ceph: fscrypt_auth handling for ceph (jsc#SES-1880). - ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). - ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). - ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). - ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). - ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). - ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). - ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). - ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). - ceph: mark directory as non-complete after loading key (jsc#SES-1880). - ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). - ceph: plumb in decryption during reads (jsc#SES-1880). - ceph: preallocate inode for ops that may create one (jsc#SES-1880). - ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). - ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). - ceph: send alternate_name in MClientRequest (jsc#SES-1880). - ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). - ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). - ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). - ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). - ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). - ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). - drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes). - drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). - drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). - drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). - drm/atomic-helper: relax unregistered connector check (git-fixes). - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes). - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - fix x86/mm: print the encryption features in hyperv is disabled - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). - fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - intel x86 platform vsec kABI workaround (bsc#1216202). - io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). - io_uring/rw: defer fsnotify calls to task context (git-fixes). - io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). - io_uring/rw: remove leftover debug statement (git-fixes). - io_uring: Replace 0-length array with flexible array (git-fixes). - io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). - io_uring: fix fdinfo sqe offsets calculation (git-fixes). - io_uring: fix memory leak when removing provided buffers (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) - kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). - libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). - libceph: add sparse read support to OSD client (jsc#SES-1880). - libceph: add sparse read support to msgr1 (jsc#SES-1880). - libceph: add spinlock around osd->o_requests (jsc#SES-1880). - libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). - libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). - libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). - libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). - libceph: use kernel_connect() (bsc#1216323). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - net: use sk_is_tcp() in more places (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). - platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). - platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). - platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - quota: Fix slow quotaoff (bsc#1216621). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past "commit" (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update "shortest_full" in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). - scsi: iscsi: Add length check for nlattr payload (git-fixes). - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). - scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes). - scsi: pm8001: Setup IRQs on resume (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). - selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes). - selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). - selftests/bpf: Clean up sys_nanosleep uses (git-fixes). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - treewide: Spelling fix in comment (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the "HWVers" register address (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - xen-netback: use default TX queue size for vifs (git-fixes). - xhci: Keep interrupt disabled in initialization until host is running (git-fixes). kernel-default-5.14.21-150500.55.36.1.nosrc.rpm True kernel-default-5.14.21-150500.55.36.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.src.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.x86_64.rpm True kernel-default-5.14.21-150500.55.36.1.s390x.rpm True kernel-default-5.14.21-150500.55.36.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4525 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - Update to samba 4.17.12 - Some filenames can cause assert to fail in openat_pathref_fsp_nosymlink - reply_sesssetup_and_X() can dereference uninitialized tmp pointer - Missing return in reply_exit_done() - TREE_CONNECT without SETUP causes smbd to use uninitialized pointer - Improve GetNChanges to address synchronization tool looping during the initial user sync phase - Samba replication logs show (null) DN - Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination - Spotlight results return wrong date in result list - Delays at reconnect with smb2_validate_sequence_number: bad message_id 2 - samba-tool ntacl get segfault if aio_pthread appended - DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed - File doesn't show when user doesn't have permission if aio_pthread is loaded - net ads lookup with unspecified realm fails - Regression DFS not working with widelinks = true (bsc#1213607); - ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1 - mdssvc: Do an early talloc_free() in _mdssvc_open() - Windows client join fails if a second container CN=System exists somewhere - Fix crossing automounter mount points (bsc#1215212) samba-4.17.12+git.427.2619dc0bed-150500.3.14.1.src.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.x86_64.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.s390x.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4440 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231113-150200.32.1.src.rpm ucode-intel-20231113-150200.32.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4370 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). libtiff5-4.0.9-150000.45.32.1.x86_64.rpm tiff-4.0.9-150000.45.32.1.src.rpm libtiff5-4.0.9-150000.45.32.1.s390x.rpm libtiff5-4.0.9-150000.45.32.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4446 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issues: - Update to 12.3.5 (bsc#1216670) libvmtools0-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-12.3.5-150300.46.1.src.rpm open-vm-tools-12.3.5-150300.46.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4343 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) - CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek - Fixed two speaker platform (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). - ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - Fix metadata references - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes). - Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes). - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - bonding: Fix extraction of ports from the packet headers (bsc#1214754). - bonding: Return pointer to data after pull on skb (bsc#1214754). - bonding: do not assume skb mac_header is set (bsc#1214754). - bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). - bpf: Add override check to kprobe multi link attach (git-fixes). - bpf: Add zero_map_value to zero map value with special fields (git-fixes). - bpf: Cleanup check_refcount_ok (git-fixes). - bpf: Fix max stack depth check for async callbacks (git-fixes). - bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). - bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). - bpf: Fix resetting logic for unreferenced kptrs (git-fixes). - bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). - bpf: Gate dynptr API behind CAP_BPF (git-fixes). - bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). - bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). - bpf: Tighten ptr_to_btf_id checks (git-fixes). - bpf: fix precision propagation verbose logging (git-fixes). - bpf: prevent decl_tag from being referenced in func_proto (git-fixes). - bpf: propagate precision across all frames, not just the last one (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - btf: Export bpf_dynptr definition (git-fixes). - btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). - ceph: add encryption support to writepage and writepages (jsc#SES-1880). - ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). - ceph: add helpers for converting names for userland presentation (jsc#SES-1880). - ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). - ceph: add new mount option to enable sparse reads (jsc#SES-1880). - ceph: add object version support for sync read (jsc#SES-1880). - ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). - ceph: add some fscrypt guardrails (jsc#SES-1880). - ceph: add support for encrypted snapshot names (jsc#SES-1880). - ceph: add support to readdir for encrypted names (jsc#SES-1880). - ceph: add truncate size handling support for fscrypt (jsc#SES-1880). - ceph: align data in pages in ceph_sync_write (jsc#SES-1880). - ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). - ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). - ceph: decode alternate_name in lease info (jsc#SES-1880). - ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). - ceph: drop messages from MDS when unmounting (jsc#SES-1880). - ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). - ceph: fix type promotion bug on 32bit systems (bsc#1216324). - ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). - ceph: fscrypt_auth handling for ceph (jsc#SES-1880). - ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). - ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). - ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). - ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). - ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). - ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). - ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). - ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). - ceph: mark directory as non-complete after loading key (jsc#SES-1880). - ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). - ceph: plumb in decryption during reads (jsc#SES-1880). - ceph: preallocate inode for ops that may create one (jsc#SES-1880). - ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). - ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). - ceph: send alternate_name in MClientRequest (jsc#SES-1880). - ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). - ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). - ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). - ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). - ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). - ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). - drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes). - drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). - drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). - drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). - drm/atomic-helper: relax unregistered connector check (git-fixes). - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes). - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). - fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - intel x86 platform vsec kABI workaround (bsc#1216202). - io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). - io_uring/rw: defer fsnotify calls to task context (git-fixes). - io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). - io_uring/rw: remove leftover debug statement (git-fixes). - io_uring: Replace 0-length array with flexible array (git-fixes). - io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). - io_uring: fix fdinfo sqe offsets calculation (git-fixes). - io_uring: fix memory leak when removing provided buffers (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) - kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). - libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). - libceph: add sparse read support to OSD client (jsc#SES-1880). - libceph: add sparse read support to msgr1 (jsc#SES-1880). - libceph: add spinlock around osd->o_requests (jsc#SES-1880). - libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). - libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). - libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). - libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). - libceph: use kernel_connect() (bsc#1216323). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net: use sk_is_tcp() in more places (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). - platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). - platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). - platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - remove unnecessary WARN_ON_ONCE() (bsc#1214823). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past "commit" (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update "shortest_full" in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). - scsi: iscsi: Add length check for nlattr payload (git-fixes). - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). - scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes). - scsi: pm8001: Setup IRQs on resume (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). - selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes). - selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). - selftests/bpf: Clean up sys_nanosleep uses (git-fixes). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the "HWVers" register address (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). - xhci: Keep interrupt disabled in initialization until host is running (git-fixes). kernel-rt-5.14.21-150500.13.24.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.24.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4478 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with "implicit" holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) grub2-2.06-150500.29.11.1.src.rpm grub2-2.06-150500.29.11.1.x86_64.rpm grub2-i386-pc-2.06-150500.29.11.1.noarch.rpm grub2-snapper-plugin-2.06-150500.29.11.1.noarch.rpm grub2-x86_64-efi-2.06-150500.29.11.1.noarch.rpm grub2-x86_64-xen-2.06-150500.29.11.1.noarch.rpm grub2-2.06-150500.29.11.1.s390x.rpm grub2-s390x-emu-2.06-150500.29.11.1.s390x.rpm grub2-2.06-150500.29.11.1.aarch64.rpm grub2-arm64-efi-2.06-150500.29.11.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4427 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issue fixed: - CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.129.03 - update firmware to version 535.113.01 Changes in nvidia-open-driver-G06-signed: - Update to version 535.129.03 - Add a devel package so other modules can be built against this one. [jira#PED-4964] - disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [bsc#1211892] - preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository - Update to version 535.113.01 - kmp-post.sh/kmp-postun.sh: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.x86_64.rpm nvidia-open-driver-G06-signed-535.129.03-150500.3.13.1.src.rpm nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.x86_64.rpm kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4456 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for selinux-policy fixes the following issues: - Update to version 20230511+git9.1b35a6ab - Allow keepalived to manage its tmp files (bsc#1216060) selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.src.rpm selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4457 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nvme-cli fixes the following issues: - Update to version 2.4+31.gf7ec09: * NetApp udev rule updates (bsc#1215994) * Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768) nvme-cli-2.4+31.gf7ec09-150500.4.12.1.src.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.x86_64.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.s390x.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4458 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.6.1.src.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.s390x.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.s390x.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.aarch64.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4475 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) xen-4.17.2_08-150500.3.15.1.src.rpm True xen-libs-4.17.2_08-150500.3.15.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4504 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). libxml2-2-2.10.3-150500.5.11.1.x86_64.rpm libxml2-2.10.3-150500.5.11.1.src.rpm libxml2-python-2.10.3-150500.5.11.1.src.rpm libxml2-tools-2.10.3-150500.5.11.1.x86_64.rpm python3-libxml2-2.10.3-150500.5.11.1.x86_64.rpm libxml2-2-2.10.3-150500.5.11.1.s390x.rpm libxml2-tools-2.10.3-150500.5.11.1.s390x.rpm python3-libxml2-2.10.3-150500.5.11.1.s390x.rpm libxml2-2-2.10.3-150500.5.11.1.aarch64.rpm libxml2-tools-2.10.3-150500.5.11.1.aarch64.rpm python3-libxml2-2.10.3-150500.5.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4517 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). python3-setuptools-44.1.1-150400.9.6.1.noarch.rpm python3-setuptools-44.1.1-150400.9.6.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4518 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). libopenssl-1_1-devel-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl1_1-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.x86_64.rpm openssl-1_1-1.1.1l-150500.17.22.1.src.rpm openssl-1_1-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150500.17.22.1.s390x.rpm libopenssl1_1-1.1.1l-150500.17.22.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.s390x.rpm openssl-1_1-1.1.1l-150500.17.22.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150500.17.22.1.aarch64.rpm libopenssl1_1-1.1.1l-150500.17.22.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.aarch64.rpm openssl-1_1-1.1.1l-150500.17.22.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4500 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231114-150200.35.1.src.rpm ucode-intel-20231114-150200.35.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4550 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for fdo-client fixes the following issues: - Removed build key via utils/keys_gen.sh. (bsc#1216293) fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.src.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4557 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for vim fixes the following issues: Updated to version 9.0 with patch level 2103, fixes the following security problems * CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696) * CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922) * CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924) * CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925) * CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004) * CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006) * CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033) vim-9.0.2103-150500.20.6.1.src.rpm vim-data-common-9.0.2103-150500.20.6.1.noarch.rpm vim-small-9.0.2103-150500.20.6.1.x86_64.rpm vim-small-9.0.2103-150500.20.6.1.s390x.rpm vim-small-9.0.2103-150500.20.6.1.aarch64.rpm