openSUSE-Leap-Micro-5.5-2023-2811 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libfido2, python-fido2, yubikey-manager, yubikey-manager-qt fixes the following issues: This update provides a feature update to the FIDO2 stack. Changes in libfido2: - Version 1.13.0 (2023-02-20) * New API calls: + fido_assert_empty_allow_list; + fido_cred_empty_exclude_list. * fido2-token: fix issue when listing large blobs. - Version 1.12.0 (2022-09-22) * Support for COSE_ES384. * Improved support for FIDO 2.1 authenticators. * New API calls: + es384_pk_free; + es384_pk_from_EC_KEY; + es384_pk_from_EVP_PKEY; + es384_pk_from_ptr; + es384_pk_new; + es384_pk_to_EVP_PKEY; + fido_cbor_info_certs_len; + fido_cbor_info_certs_name_ptr; + fido_cbor_info_certs_value_ptr; + fido_cbor_info_maxrpid_minpinlen; + fido_cbor_info_minpinlen; + fido_cbor_info_new_pin_required; + fido_cbor_info_rk_remaining; + fido_cbor_info_uv_attempts; + fido_cbor_info_uv_modality. * Documentation and reliability fixes. - Version 1.11.0 (2022-05-03) * Experimental PCSC support; enable with -DUSE_PCSC. * Improved OpenSSL 3.0 compatibility. * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. * winhello: advertise "uv" instead of "clientPin". * winhello: support hmac-secret in fido_dev_get_assert(). * New API calls: + fido_cbor_info_maxlargeblob. * Documentation and reliability fixes. * Separate build and regress targets. - Version 1.10.0 (2022-01-17) * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. - Version 1.9.0 (2021-10-27) * Enabled NFC support on Linux. * Support for FIDO 2.1 "minPinLength" extension. * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. * Support for TPM 2.0 attestation. * Support for device timeouts; see fido_dev_set_timeout(). * New API calls: - es256_pk_from_EVP_PKEY; - fido_cred_attstmt_len; - fido_cred_attstmt_ptr; - fido_cred_pin_minlen; - fido_cred_set_attstmt; - fido_cred_set_pin_minlen; - fido_dev_set_pin_minlen_rpid; - fido_dev_set_timeout; - rs256_pk_from_EVP_PKEY. * Reliability and portability fixes. * Better handling of HID devices without identification strings; gh#381. - Update to version 1.8.0: * Better support for FIDO 2.1 authenticators. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open’s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream - Update to version 1.6.0: * Documentation and reliability fixes. * New API calls: + fido_cred_authdata_raw_len; + fido_cred_authdata_raw_ptr; + fido_cred_sigcount; + fido_dev_get_uv_retry_count; + fido_dev_supports_credman. * Hardened Windows build. * Native FreeBSD and NetBSD support. * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. - Create a udev subpackage and ship the udev rule. Changes in python-fido2: - update to 0.9.3: * Don't fail device discovery when hidraw doesn't support HIDIOCGRAWUNIQ * Support the latest Windows webauthn.h API (included in Windows 11). * Add product name and serial number to HidDescriptors. * Remove the need for the uhid-freebsd dependency on FreeBSD. - Update to version 0.9.1 * Add new CTAP error codes and improve handling of unknown codes. * Client: API changes to better support extensions. * Client.make_credential now returns a AuthenticatorAttestationResponse, which holds the AttestationObject and ClientData, as well as any client extension results for the credential. * Client.get_assertion now returns an AssertionSelection object, which is used to select between multiple assertions * Renames: The CTAP1 and CTAP2 classes have been renamed to Ctap1 and Ctap2, respectively. * ClientPin: The ClientPin API has been restructured to support multiple PIN protocols, UV tokens, and token permissions. * CTAP 2.1 PRE: Several new features have been added for CTAP 2.1 * HID: The platform specific HID code has been revamped - Version 0.8.1 (released 2019-11-25) * Bugfix: WindowsClient.make_credential error when resident key requirement is unspecified. - Version 0.8.0 (released 2019-11-25) * New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced. * CTAP2 send_cbor/make_credential/get_assertion and U2fClient request/authenticate timeout arguments replaced with event used to cancel a request. * Fido2Client: - make_credential/get_assertion now take WebAuthn options objects. - timeout is now provided in ms in WebAuthn options objects. Event based cancelation also available by passing an Event. * Fido2Server: - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums have been replaced with fido2.webauthn classes. - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and name is no longer optional. - Options returned by register_begin/authenticate_begin now omit unspecified values if they are optional, instead of filling in default values. - Fido2Server.allowed_algorithms now contains a list of PublicKeyCredentialParameters instead of algorithm identifiers. - Fido2Server.timeout is now in ms and of type int. * Support native WebAuthn API on Windows through WindowsClient. - Version 0.7.2 (released 2019-10-24) * Support for the TPM attestation format. * Allow passing custom challenges to register/authenticate in Fido2Server. * Bugfix: CTAP2 CANCEL command response handling fixed. * Bugfix: Fido2Client fix handling of empty allow_list. * Bugfix: Fix typo in CTAP2.get_assertions() causing it to fail. - Version 0.7.1 (released 2019-09-20) * Enforce canonical CBOR on Authenticator responses by default. * PCSC: Support extended APDUs. * Server: Verify that UP flag is set. * U2FFido2Server: Implement AppID exclusion extension. * U2FFido2Server: Allow custom U2F facet verification. * Bugfix: U2FFido2Server.authenticate_complete now returns the result. - Version 0.7.0 (released 2019-06-17) * Add support for NFC devices using PCSC. * Add support for the hmac-secret Authenticator extension. * Honor max credential ID length and number of credentials to Authenticator. * Add close() method to CTAP devices to explicitly release their resources. - Version 0.6.0 (released 2019-05-10) * Don't fail if CTAP2 Info contains unknown fields. * Replace cbor loads/dumps functions with encode/decode/decode_from. * Server: Add support for AuthenticatorAttachment. * Server: Add support for more key algorithms. * Client: Expose CTAP2 Info object as Fido2Client.info. Changes in yubikey-manager: - Update to version 4.0.9 (released 2022-06-17) * Dependency: Add support for python-fido2 1.x * Fix: Drop stated support for Click 6 as features from 7 are being used. - Update to version 4.0.8 (released 2022-01-31) * Bugfix: Fix error message for invalid modhex when programing a YubiOTP credential. * Bugfix: Fix issue with displaying a Steam credential when it is the only account. * Bugfix: Prevent installation of files in site-packages root. * Bugfix: Fix cleanup logic in PIV for protected management key. * Add support for token identifier when programming slot-based HOTP. * Add support for programming NDEF in text mode. * Dependency: Add support for Cryptography ⇐ 38. - version update to 4.0.7 ** Bugfix release: Fix broken naming for "YubiKey 4", and a small OATH issue with touch Steam credentials. - version 4.0.6 (released 2021-09-08) ** Improve handling of YubiKey device reboots. ** More consistently mask PIN/password input in prompts. ** Support switching mode over CCID for YubiKey Edge. ** Run pkill from PATH instead of fixed location. - version 4.0.5 (released 2021-07-16) ** Bugfix: Fix PIV feature detection for some YubiKey NEO versions. ** Bugfix: Fix argument short form for --period when adding TOTP credentials. ** Bugfix: More strict validation for some arguments, resulting in better error messages. ** Bugfix: Correctly handle TOTP credentials using period != 30 AND touch_required. ** Bugfix: Fix prompting for access code in the otp settings command (now uses "-A -"). - Update to version 4.0.3 * Add support for fido reset over NFC. * Bugfix: The --touch argument to piv change-management-key was ignored. * Bugfix: Don’t prompt for password when importing PIV key/cert if file is invalid. * Bugfix: Fix setting touch-eject/auto-eject for YubiKey 4 and NEO. * Bugfix: Detect PKCS#12 format when outer sequence uses indefinite length. * Dependency: Add support for Click 8. - Update to version 4.0.2 * Update device names * Add read_info output to the --diagnose command, and show exception types. * Bugfix: Fix read_info for YubiKey Plus. * Add support for YK5-based FIPS YubiKeys. * Bugfix: Fix OTP device enumeration on Win32. * Drop reliance on libusb and libykpersonalize. * Support the "fido" and "otp" subcommands over NFC * New "ykman --diagnose" command to aid in troubleshooting. * New "ykman apdu" command for sending raw APDUs over the smart card interface. * New "yubikit" package added for custom development and advanced scripting. * OpenPGP: Add support for KDF enabled YubiKeys. * Static password: Add support for FR, IT, UK and BEPO keyboard layouts. - Update to 3.1.1 * Add support for YubiKey 5C NFC * OpenPGP: set-touch now performs compatibility checks before prompting for PIN * OpenPGP: Improve error messages and documentation for set-touch * PIV: read-object command no longer adds a trailing newline * CLI: Hint at missing permissions when opening a device fails * Linux: Improve error handling when pcscd is not running * Windows: Improve how .DLL files are loaded, thanks to Marius Gabriel Mihai for reporting this! * Bugfix: set-touch now accepts the cached-fixed option * Bugfix: Fix crash in OtpController.prepare_upload_key() error parsing * Bugfix: Fix crash in piv info command when a certificate slot contains an invalid certificate * Library: PivController.read_certificate(slot) now wraps certificate parsing exceptions in new exception type InvalidCertificate * Library: PivController.list_certificates() now returns None for slots containing invalid certificate, instead of raising an exception - Version 3.1.0 (released 2019-08-20) * Add support for YubiKey 5Ci * OpenPGP: the info command now prints OpenPGP specification version as well * OpenPGP: Update support for attestation to match OpenPGP v3.4 * PIV: Use UTC time for self-signed certificates * OTP: Static password now supports the Norman keyboard layout - Version 3.0.0 (released 2019-06-24) * Add support for new YubiKey Preview and lightning form factor * FIDO: Support for credential management * OpenPGP: Support for OpenPGP attestation, cardholder certificates and cached touch policies * OTP: Add flag for using numeric keypad when sending digits - Version 2.1.1 (released 2019-05-28) * OTP: Add initial support for uploading Yubico OTP credentials to YubiCloud * Don’t automatically select the U2F applet on YubiKey NEO, it might be blocked by the OS * ChalResp: Always pad challenge correctly * Bugfix: Don’t crash with older versions of cryptography * Bugfix: Password was always prompted in OATH command, even if sent as argument Changes in yubikey-manager-qt: - update to 1.2.5: * Compatibility update for ykman 5.0.1. * Update to Python 3.11. * Update product images. - Update to version 1.2.4 (released 2021-10-26) * Update device names and images. * PIV: Fix import of certificate. - Update to version 1.2.3 * Improved error handling when using Security Key Series devices. * PIV: Fix generation of certificate in slot 9c. - Update to version 1.2.2 * Fix detection of YubiKey Plus * Compatibility update for yubikey-manager 4.0 * Bugfix: Device caching with multiple devices * Drop dependencies on libusb and libykpers. * Add additional product names and images - update to 1.1.5 * Add support for YubiKey 5C NFC - Update to version 1.1.4 * OTP: Add option to upload YubiOTP credential to YubiCloud * Linux: Show hint about pcscd service if opening device fails * Bugfix: Signal handling now compatible with Python 3.8 - Version 1.1.3 (released 2019-08-20) * Add suppport for YubiKey 5Ci * PIV: Use UTC time for self-signed certificates - Version 1.1.2 (released 2019-06-24) * Add support for new YubiKey Preview * PIV: The popup for the management key now have a "Use default" option * Windows: Fix issue with importing PIV certificates * Bugfix: generate static password now works correctly libfido2-1-1.13.0-150400.5.3.1.x86_64.rpm libfido2-1.13.0-150400.5.3.1.src.rpm libfido2-1-1.13.0-150400.5.3.1.s390x.rpm libfido2-1-1.13.0-150400.5.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-81 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for ceph fixes the following issues: - Fix FTBFS on gcc 13 (bsc#1201088) - Fix FTBFS on s390x (bsc#1211090) - ceph-volume: Fix regression in activate (bsc#1210243, bsc#1210314) - cephadm: Fix NFS haproxy failover if active node disappears (bsc#1209621) - cephadm: Mount host /etc/hosts for daemon containers in podman deployments (bsc#1210719) - cmake: Patch boost source to support python 3.11 (bsc#1210944) - mgr: Don't dump global config holding gil (bsc#1199880) - mgr/cephadm: Fix handling of mgr upgrades with 3 or more mgrs (bsc#1210153) - mgr/dashboard: allow to pass controls on iscsi disk create (bsc#1208820) - mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' (bsc#1210784) ceph-16.2.13.66+g54799ee0666-150400.3.9.2.src.rpm librados2-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librbd1-16.2.13.66+g54799ee0666-150400.3.9.2.x86_64.rpm librados2-16.2.13.66+g54799ee0666-150400.3.9.2.aarch64.rpm librbd1-16.2.13.66+g54799ee0666-150400.3.9.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3082 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for qemu fixes the following issues: - CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414). - CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205). - CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968). - CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001). Bugfixes: - hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993) - Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740). qemu-7.1.0-150500.49.6.1.src.rpm qemu-7.1.0-150500.49.6.1.x86_64.rpm qemu-accel-tcg-x86-7.1.0-150500.49.6.1.x86_64.rpm qemu-audio-spice-7.1.0-150500.49.6.1.x86_64.rpm qemu-block-curl-7.1.0-150500.49.6.1.x86_64.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.x86_64.rpm qemu-guest-agent-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.x86_64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.x86_64.rpm qemu-ipxe-1.0.0+-150500.49.6.1.noarch.rpm qemu-seabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm qemu-sgabios-8-150500.49.6.1.noarch.rpm qemu-tools-7.1.0-150500.49.6.1.x86_64.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.x86_64.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.x86_64.rpm qemu-vgabios-1.16.0_0_gd239552-150500.49.6.1.noarch.rpm qemu-x86-7.1.0-150500.49.6.1.x86_64.rpm qemu-7.1.0-150500.49.6.1.s390x.rpm qemu-audio-spice-7.1.0-150500.49.6.1.s390x.rpm qemu-block-curl-7.1.0-150500.49.6.1.s390x.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.s390x.rpm qemu-guest-agent-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.s390x.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.s390x.rpm qemu-s390x-7.1.0-150500.49.6.1.s390x.rpm qemu-tools-7.1.0-150500.49.6.1.s390x.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.s390x.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.s390x.rpm qemu-7.1.0-150500.49.6.1.aarch64.rpm qemu-arm-7.1.0-150500.49.6.1.aarch64.rpm qemu-audio-spice-7.1.0-150500.49.6.1.aarch64.rpm qemu-block-curl-7.1.0-150500.49.6.1.aarch64.rpm qemu-chardev-spice-7.1.0-150500.49.6.1.aarch64.rpm qemu-guest-agent-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-qxl-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.6.1.aarch64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.6.1.aarch64.rpm qemu-tools-7.1.0-150500.49.6.1.aarch64.rpm qemu-ui-opengl-7.1.0-150500.49.6.1.aarch64.rpm qemu-ui-spice-core-7.1.0-150500.49.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3850 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for evolution and its dependencies fixes the following issues: evolution: - Handle frame flattening change in WebKitGTK 2.40 (bsc#1213858) bogofilter, evolution-data-server, gcr, geocode-glib, gjs, glade, gnome-autoar, gnome-desktop, gnome-online-accounts, gsl, gspell, gtkspell3, libcanberra, libgdata, libgweather, libical, liboauth, libphonenumber, librest, libxkbcommon, mozjs78: - Deliver missing direct and indirect dependencies of evolution to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le and s390x - There are NO code changes libxkbcommon-1.3.0-150400.3.2.2.src.rpm libxkbcommon0-1.3.0-150400.3.2.2.x86_64.rpm libxkbcommon0-1.3.0-150400.3.2.2.s390x.rpm libxkbcommon0-1.3.0-150400.3.2.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3817 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). containerd-1.6.21-150000.95.1.src.rpm containerd-1.6.21-150000.95.1.x86_64.rpm containerd-1.6.21-150000.95.1.s390x.rpm containerd-1.6.21-150000.95.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3952 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8>. - rebuild the package with the go 1.21 security release (bsc#1212475). runc-1.1.8-150000.49.1.src.rpm runc-1.1.8-150000.49.1.x86_64.rpm runc-1.1.8-150000.49.1.s390x.rpm runc-1.1.8-150000.49.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3637 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for cloud-netconfig fixes the following issues: - Update to version 1.8: - Fix Automatic Addition of Secondary IP Addresses in Azure Using cloud-netconfig. (bsc#1214715) cloud-netconfig-azure-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-azure-1.8-150000.25.11.1.src.rpm cloud-netconfig-ec2-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-ec2-1.8-150000.25.11.1.src.rpm cloud-netconfig-gce-1.8-150000.25.11.1.noarch.rpm cloud-netconfig-gce-1.8-150000.25.11.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3780 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4. hidapi-0.10.1-150300.3.2.1.src.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.x86_64.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.s390x.rpm libhidapi-hidraw0-0.10.1-150300.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3822 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) supportutils-3.1.26-150300.7.35.21.1.noarch.rpm supportutils-3.1.26-150300.7.35.21.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3666 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). libxml2-2-2.10.3-150500.5.8.1.x86_64.rpm libxml2-2.10.3-150500.5.8.1.src.rpm libxml2-python-2.10.3-150500.5.8.1.src.rpm libxml2-tools-2.10.3-150500.5.8.1.x86_64.rpm python3-libxml2-2.10.3-150500.5.8.1.x86_64.rpm libxml2-2-2.10.3-150500.5.8.1.s390x.rpm libxml2-tools-2.10.3-150500.5.8.1.s390x.rpm python3-libxml2-2.10.3-150500.5.8.1.s390x.rpm libxml2-2-2.10.3-150500.5.8.1.aarch64.rpm libxml2-tools-2.10.3-150500.5.8.1.aarch64.rpm python3-libxml2-2.10.3-150500.5.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3707 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). cups-2.2.7-150000.3.51.2.src.rpm cups-config-2.2.7-150000.3.51.2.x86_64.rpm libcups2-2.2.7-150000.3.51.2.x86_64.rpm cups-config-2.2.7-150000.3.51.2.s390x.rpm libcups2-2.2.7-150000.3.51.2.s390x.rpm cups-config-2.2.7-150000.3.51.2.aarch64.rpm libcups2-2.2.7-150000.3.51.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3654 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.57.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.57.0 containerized-data-importer-1.57.0-150500.6.3.1.src.rpm containerized-data-importer-manifests-1.57.0-150500.6.3.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-3655 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: kubevirt was updated to fix: - Fix leaking file descriptor - Fix volume detach on hotplug attachment pod delete - Fix leaking tickers - Run helper pod as qemu user - SCSI reservation: fix leftover mount and resource permissions - Bump client-go (fix possible panic in discovery) - Wait for new hotplug attachment pod to be ready - Adapt the storage tests to the new populators flow - Create export VM datavolumes compatible with populators - Delete VMI prior to NFS server pod in tests - Use compat cmdline options for virtiofsd - Update to version 1.0.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.0 - Switch to qemu user (107) - Initial container for qemu-pr-helper kubevirt-1.0.0-150500.8.3.1.src.rpm kubevirt-manifests-1.0.0-150500.8.3.1.x86_64.rpm kubevirt-virtctl-1.0.0-150500.8.3.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-3954 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function. (bsc#1211078) libeconf-0.5.2-150400.3.6.1.src.rpm libeconf0-0.5.2-150400.3.6.1.x86_64.rpm libeconf0-0.5.2-150400.3.6.1.s390x.rpm libeconf0-0.5.2-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3716 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libnvme, nvme-cli fixes the following issues: - Update to version 1.4+29.ga3cf0a - Fix segfault in nvme_scan_subsystem() (bsc#1213993) - Fix segfault converting NULL to JSON string (bsc#1213762) libnvme-1.4+29.ga3cf0a-150500.4.9.1.src.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.x86_64.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.src.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.x86_64.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.s390x.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.s390x.rpm libnvme-mi1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm libnvme1-1.4+29.ga3cf0a-150500.4.9.1.aarch64.rpm nvme-cli-2.4+25.g367eb9-150500.4.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3843 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc suse-build-key-12.0-150000.8.34.1.noarch.rpm suse-build-key-12.0-150000.8.34.1.src.rpm openSUSE-Leap-Micro-5.5-2023-3663 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for perl-Bootloader fixes the following issues: - bootloader_entry script can have an optional 'force-default' argument (bsc#1215064) - skip warning about unsupported options when in compat mode perl-Bootloader-0.945-150400.3.9.1.src.rpm perl-Bootloader-0.945-150400.3.9.1.x86_64.rpm perl-Bootloader-0.945-150400.3.9.1.s390x.rpm perl-Bootloader-0.945-150400.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3828 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). libpython3_6m1_0-3.6.15-150300.10.51.1.x86_64.rpm python3-3.6.15-150300.10.51.1.src.rpm python3-3.6.15-150300.10.51.1.x86_64.rpm python3-base-3.6.15-150300.10.51.1.x86_64.rpm python3-core-3.6.15-150300.10.51.1.src.rpm libpython3_6m1_0-3.6.15-150300.10.51.1.s390x.rpm python3-3.6.15-150300.10.51.1.s390x.rpm python3-base-3.6.15-150300.10.51.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.51.1.aarch64.rpm python3-3.6.15-150300.10.51.1.aarch64.rpm python3-base-3.6.15-150300.10.51.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4052 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update ships missing babeltrace-devel to the Basesystem module to allow building gdb source rpms. (bsc#1209275) babeltrace-1.5.8-150300.3.2.1.src.rpm babeltrace-1.5.8-150300.3.2.1.x86_64.rpm babeltrace-1.5.8-150300.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3798 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libcontainers-common fixes the following issues: - Require libcontainers-sles-mounts for *all* SLE products, and not just SLES. (bsc#1215291) libcontainers-common-20230214-150500.4.6.1.noarch.rpm libcontainers-common-20230214-150500.4.6.1.src.rpm libcontainers-sles-mounts-20230214-150500.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4162 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.3.3.src.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.s390x.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.s390x.rpm libgcc_s1-13.2.1+git7813-150000.1.3.3.aarch64.rpm libstdc++6-13.2.1+git7813-150000.1.3.3.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4194 low SUSE Updates openSUSE-Leap-Micro 5.5 This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. python3-cryptography-3.3.2-150400.20.3.src.rpm python3-cryptography-3.3.2-150400.20.3.x86_64.rpm python3-cryptography-3.3.2-150400.20.3.s390x.rpm python3-cryptography-3.3.2-150400.20.3.ppc64le.rpm python3-cryptography-3.3.2-150400.20.3.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4153 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for systemd fixes the following issues: - Fix mismatch of nss-resolve version in Package Hub (no source code changes) libsystemd0-249.16-150400.8.35.5.x86_64.rpm libudev1-249.16-150400.8.35.5.x86_64.rpm systemd-249.16-150400.8.35.5.src.rpm systemd-249.16-150400.8.35.5.x86_64.rpm systemd-container-249.16-150400.8.35.5.x86_64.rpm systemd-journal-remote-249.16-150400.8.35.5.x86_64.rpm systemd-sysvinit-249.16-150400.8.35.5.x86_64.rpm udev-249.16-150400.8.35.5.x86_64.rpm libsystemd0-249.16-150400.8.35.5.s390x.rpm libudev1-249.16-150400.8.35.5.s390x.rpm systemd-249.16-150400.8.35.5.s390x.rpm systemd-container-249.16-150400.8.35.5.s390x.rpm systemd-journal-remote-249.16-150400.8.35.5.s390x.rpm systemd-sysvinit-249.16-150400.8.35.5.s390x.rpm udev-249.16-150400.8.35.5.s390x.rpm libsystemd0-249.16-150400.8.35.5.aarch64.rpm libudev1-249.16-150400.8.35.5.aarch64.rpm systemd-249.16-150400.8.35.5.aarch64.rpm systemd-container-249.16-150400.8.35.5.aarch64.rpm systemd-journal-remote-249.16-150400.8.35.5.aarch64.rpm systemd-sysvinit-249.16-150400.8.35.5.aarch64.rpm udev-249.16-150400.8.35.5.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4154 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.src.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.x86_64.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.s390x.rpm aaa_base-84.87+git20180409.04c9dae-150300.10.6.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4141 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) Other fixes: - Fix a boot delay issue in PowerPC PXE boot (bsc#1201300) grub2-2.06-150500.29.8.1.src.rpm grub2-2.06-150500.29.8.1.x86_64.rpm grub2-i386-pc-2.06-150500.29.8.1.noarch.rpm grub2-snapper-plugin-2.06-150500.29.8.1.noarch.rpm grub2-x86_64-efi-2.06-150500.29.8.1.noarch.rpm grub2-x86_64-xen-2.06-150500.29.8.1.noarch.rpm grub2-2.06-150500.29.8.1.s390x.rpm grub2-s390x-emu-2.06-150500.29.8.1.s390x.rpm grub2-2.06-150500.29.8.1.aarch64.rpm grub2-arm64-efi-2.06-150500.29.8.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3978 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Cope better with duplicate entries in /etc/exports (bsc#1212594) - Allow scope to be set in sysconfig: NFSD_SCOPE nfs-client-2.1.1-150500.22.3.1.x86_64.rpm nfs-kernel-server-2.1.1-150500.22.3.1.x86_64.rpm nfs-utils-2.1.1-150500.22.3.1.src.rpm nfs-client-2.1.1-150500.22.3.1.s390x.rpm nfs-kernel-server-2.1.1-150500.22.3.1.s390x.rpm nfs-client-2.1.1-150500.22.3.1.aarch64.rpm nfs-kernel-server-2.1.1-150500.22.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3971 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel. - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). - PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) - Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). - SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK &lt;= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). - drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). - fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). - iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: Ignore newly added SRSO mitigation functions - kabi: Allow extra bugsints (bsc#1213927). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: Check bus width while setting QE bit (git-fixes). - mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). - n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). - net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: Fix SRSO mess (git-fixes). - objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). - objtool: Union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - pinctrl: amd: Mask wake bits on probe again (git-fixes). - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/x86: dell-sysman: Fix reference leak (git-fixes). - powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). - powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: Check start of empty przs during init (git-fixes). - pwm: Add a stub for devm_pwmchip_add() (git-fixes). - pwm: meson: Simplify duplicated per-channel tracking (git-fixes). - pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes). - qed: Fix scheduling in a tasklet while getting stats (git-fixes). - regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). - ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). - rpm/mkspec-dtb: support for nested subdirs - rpmsg: glink: Add check for kstrdup (git-fixes). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). - sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: RDMA/srp: Fix residual handling (git-fixes) - scsi: bsg: Increase number of devices (bsc#1210048). - scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: sg: Increase number of devices (bsc#1210048). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes). - scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). - selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). - selftests/futex: Order calls to futex_lock_pi (git-fixes). - selftests/harness: Actually report SKIP for signal tests (git-fixes). - selftests/resctrl: Close perf value read fd on errors (git-fixes). - selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: Skip test when no interfaces are specified (git-fixes). - selftests: forwarding: Switch off timeout (git-fixes). - selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). - selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_flower: Relax success criterion (git-fixes). - selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). - serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: Fix DMA buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). - smb: client: Fix -Wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: Fix not to count error code to total length (git-fixes). - tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). - ubifs: Fix memleak when insert_old_idx() failed (git-fixes). - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). - usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). - usb: dwc3: Fix typos in gadget.c (git-fixes). - usb: dwc3: Properly handle processing of pending events (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for Focusrite Scarlett (git-fixes). - usb: serial: option: add Quectel EC200A module support (git-fixes). - usb: serial: option: support Quectel EM060K_128 (git-fixes). - usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). - wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: Fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). - wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). - wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - x86/alternative: Make custom return thunk unconditional (git-fixes). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Clean up SRSO return thunk mess (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). - x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). - x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). - x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). - x86/hyperv: Reorder code to facilitate future work (bsc#1206453). - x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). - x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86/srso: Fix return thunks in generated code (git-fixes). - x86/static_call: Fix __static_call_fixup() (git-fixes). - x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). - x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). - x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-default-5.14.21-150500.55.28.1.nosrc.rpm True kernel-default-5.14.21-150500.55.28.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.src.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.x86_64.rpm True kernel-default-5.14.21-150500.55.28.1.s390x.rpm True kernel-default-5.14.21-150500.55.28.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.28.1.150500.6.11.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4304 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.1.3 (bsc#1214801): * Fixes an issue when it is unable to register a 'payg' instance. cloud-regionsrv-client-10.1.3-150000.6.99.1.noarch.rpm cloud-regionsrv-client-10.1.3-150000.6.99.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.5-150000.6.99.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.99.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.99.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3951 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. python-jmespath-0.9.3-150000.3.5.1.src.rpm python-ply-3.10-150000.3.5.1.src.rpm python3-jmespath-0.9.3-150000.3.5.1.noarch.rpm python3-ply-3.10-150000.3.5.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-3997 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). libnghttp2-14-1.40.0-150200.9.1.x86_64.rpm nghttp2-1.40.0-150200.9.1.src.rpm libnghttp2-14-1.40.0-150200.9.1.s390x.rpm libnghttp2-14-1.40.0-150200.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3988 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330). - CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192). - CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727). - CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). The following non-security bugs were fixed: - ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305). - ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes). - ACPI: processor: perflib: Use the "no limit" frequency QoS (git-fixes). - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes). - ALSA: ac97: Fix possible error value of *rac97 (git-fixes). - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes). - ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes). - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes). - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes). - ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes). - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes). - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes). - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes). - ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes). - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes). - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes). - ARM: dts: imx6sll: fixup of operating points (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes). - ASoC: lower "no backend DAIs enabled for ... Port" log severity (git-fixes). - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes). - ASoC: rt5665: add missed regulator_bulk_disable (git-fixes). - ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes). - ASoC: tegra: Fix SFC conversion for few rates (git-fixes). - Bluetooth: Fix potential use-after-free when clear keys (git-fixes). - Bluetooth: L2CAP: Fix use-after-free (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes). - Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes). - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes). - CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b - CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123 - Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes). - Documentation: devices.txt: Remove ttyIOC* (git-fixes). - Documentation: devices.txt: Remove ttySIOC* (git-fixes). - Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453). - Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453). - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453). - Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453). - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453). - Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453). - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453). - Drop amdgpu patch causing spamming (bsc#1215523) - Drop cfg80211 lock fix patches that caused a regression (bsc#1213757) - Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428) - Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes). - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes). - HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes). - HID: wacom: remove the battery when the EKR is off (git-fixes). - HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes). - IB/hfi1: Fix possible panic during hotplug remove (git-fixes) - IB/uverbs: Fix an potential error pointer dereference (git-fixes) - Input: exc3000 - properly stop timer on shutdown (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: s390: fix sthyi error handling (git-fixes bsc#1214370). - Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756). - Kbuild: move to -std=gnu11 (bsc#1214756). - PCI/ASPM: Avoid link retraining race (git-fixes). - PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes). - PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes). - PCI: Free released resource after coalescing (git-fixes). - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes). - PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes). - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes). - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453). - PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453). - PCI: meson: Remove cast between incompatible function type (git-fixes). - PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes). - PCI: microchip: Remove cast between incompatible function type (git-fixes). - PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: rockchip: Remove writes to unused registers (git-fixes). - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes). - PCI: tegra194: Fix possible array out of bounds access (git-fixes). - PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes). - RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes) - RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes) - RDMA/efa: Fix wrong resources deallocation order (git-fixes) - RDMA/hns: Fix CQ and QP cache affinity (git-fixes) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes) - RDMA/hns: Fix port active speed (git-fixes) - RDMA/irdma: Prevent zero-length STAG registration (git-fixes) - RDMA/irdma: Replace one-element array with flexible-array member (git-fixes) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes) - RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes) - RDMA/siw: Correct wrong debug message (git-fixes) - RDMA/umem: Set iova in ODP flow (git-fixes) - README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer. - Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes) - Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" (git-fixes). - Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). - Revert "tracing: Add "(fault)" name injection to kernel probes" (git-fixes). - Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - amba: bus: fix refcount leak (git-fixes). - arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes). - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes). - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - audit: fix possible soft lockup in __audit_inode_child() (git-fixes). - backlight/bd6107: Compare against struct fb_info.device (git-fixes). - backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes). - backlight/lv5207lp: Compare against struct fb_info.device (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes). - batman-adv: Do not increase MTU when set by user (git-fixes). - batman-adv: Fix TT global entry leak when client roamed back (git-fixes). - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes). - batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes). - batman-adv: Trigger events for auto adjusted MTU (git-fixes). - bnx2x: fix page fault following EEH recovery (bsc#1214299). - bpf: Clear the probe_addr for uprobe (git-fixes). - bpf: Disable preemption in bpf_event_output (git-fixes). - bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes). - bus: ti-sysc: Fix build warning for 64-bit build (git-fixes). - bus: ti-sysc: Fix cast to enum warning (git-fixes). - bus: ti-sysc: Flush posted write on enable before reset (git-fixes). - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes). - ceph: defer stopping mdsc delayed_work (bsc#1214392). - ceph: do not check for quotas on MDS stray dirs (bsc#1214238). - ceph: never send metrics if disable_send_metrics is set (bsc#1214180). - check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does. - cifs: add missing return value check for cifs_sb_tlink (bsc#1193629). - cifs: allow dumping keys for directories too (bsc#1193629). - cifs: fix mid leak during reconnection after timeout threshold (git-fixes). - cifs: if deferred close is disabled then close files immediately (git-fixes). - cifs: is_network_name_deleted should return a bool (bsc#1193629). - cifs: update internal module version number for cifs.ko (bsc#1193629). - clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes). - clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes). - clk: imx8mp: fix sai4 clock (git-fixes). - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes). - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes). - clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes). - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes). - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: sunxi-ng: Modify mismatched function name (git-fixes). - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453). - clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453). - clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453). - clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453). - clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453). - cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes). - cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659). - cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004). - cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929). - crypto: caam - fix unchecked return value error (git-fixes). - crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes). - define more Hyper-V related constants (bsc#1206453). - dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes). - dma-buf/sync_file: Fix docs syntax (git-fixes). - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes). - dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes). - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes). - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes). - docs/process/howto: Replace C89 with C11 (bsc#1214756). - docs: kernel-parameters: Refer to the correct bitmap function (git-fixes). - docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes). - docs: printk-formats: Fix hex printing of signed values (git-fixes). - driver core: test_async: fix an error code (git-fixes). - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes). - drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes). - drm/amd/display: Add smu write msg id fail retry process (git-fixes). - drm/amd/display: Apply 60us prefetch for DCFCLK &lt;= 300Mhz (git-fixes). - drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes). - drm/amd/display: Do not set drr on pipe commit (git-fixes). - drm/amd/display: Enable dcn314 DPP RCO (git-fixes). - drm/amd/display: Ensure that planes are in the same order (git-fixes). - drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes). - drm/amd/display: Remove wait while locked (git-fixes). - drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes). - drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes). - drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes). - drm/amd/display: check TG is non-null before checking if enabled (git-fixes). - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes). - drm/amd/display: disable RCO for DCN314 (git-fixes). - drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes). - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). - drm/amd/display: fix access hdcp_workqueue assert (git-fixes). - drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: limit DPIA link rate to HBR3 (git-fixes). - drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes). - drm/amd/display: trigger timing sync only if TG is running (git-fixes). - drm/amd/pm/smu7: move variables to where they are used (git-fixes). - drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes). - drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes). - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes). - drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes). - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes). - drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes). - drm/amd: flush any delayed gfxoff on suspend entry (git-fixes). - drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes). - drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes). - drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes). - drm/amdgpu: add S/G display parameter (git-fixes). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes). - drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes). - drm/amdgpu: fix memory leak in mes self test (git-fixes). - drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes). - drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes). - drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes). - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes). - drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes). - drm/ast: Fix DRAM init on AST2200 (git-fixes). - drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes). - drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes). - drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes). - drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes). - drm/bridge: fix -Wunused-const-variable= warning (git-fixes). - drm/bridge: tc358764: Fix debug print parameter order (git-fixes). - drm/etnaviv: fix dumping of active MMU context (git-fixes). - drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes). - drm/i915/sdvo: fix panel_type initialization (git-fixes). - drm/i915: Fix premature release of request's reusable memory (git-fixes). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/mediatek: Fix dereference before null check (git-fixes). - drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes). - drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes). - drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes). - drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes). - drm/msm/mdp5: Do not leak some plane state (git-fixes). - drm/msm: Update dev core dump to not print backwards (git-fixes). - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes). - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes). - drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073). - drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes). - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes). - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes). - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes). - drm/qxl: fix UAF on handle creation (git-fixes). - drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes). - drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes). - drm/rockchip: Do not spam logs in atomic check (git-fixes). - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes). - drm/stm: ltdc: fix late dereference check (git-fixes). - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes). - drm/ttm: check null pointer before accessing when swapping (git-fixes). - drm/ttm: never consider pinned BOs for eviction&swap (git-fixes). - drm/vmwgfx: Fix shader stage validation (git-fixes). - drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes). - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes). - dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes). - dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: switch to napi_build_skb() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - exfat: fix unexpected EOF while reading dir (bsc#1214000). - exfat: release s_lock before calling dir_emit() (bsc#1214000). - exfat_iterate(): do not open-code file_inode(file) (bsc#1214000). - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes). - fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes). - fbdev: Improve performance of sys_imageblit() (git-fixes). - fbdev: Update fbdev source file paths (git-fixes). - fbdev: fix potential OOB read in fast_imageblit() (git-fixes). - fbdev: mmp: fix value check in mmphw_probe() (git-fixes). - file: reinstate f_pos locking optimization for regular files (bsc#1213759). - firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes). - firmware: cs_dsp: Fix new control name check (git-fixes). - firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes). - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes). - fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes). - fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes). - fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fsi: aspeed: Reset master errors after CFAM reset (git-fixes). - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes). - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes). - gpio: mvebu: Make use of devm_pwmchip_add (git-fixes). - gpio: mvebu: fix irq domain leak (git-fixes). - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes). - hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453). - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes). - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes). - hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes). - hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes). - hwrng: pic32 - use devm_clk_get_enabled (git-fixes). - i2c: Delete error messages for failed memory allocations (git-fixes). - i2c: Improve size determinations (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes). - i2c: designware: Correct length byte validation logic (git-fixes). - i2c: designware: Handle invalid SMBus block data response length value (git-fixes). - i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes). - i2c: nomadik: Remove a useless call in the remove function (git-fixes). - i2c: nomadik: Remove unnecessary goto label (git-fixes). - i2c: nomadik: Use devm_clk_get_enabled() (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - iavf: fix potential races for FDIR filters (git-fixes). - ice: Fix RDMA VSI removal during queue rebuild (git-fixes). - ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes). - ice: Fix max_rate check while configuring TX rate limits (git-fixes). - ice: Fix memory management in ice_ethtool_fdir.c (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes). - iio: adc: stx104: Implement and utilize register structures (git-fixes). - iio: adc: stx104: Utilize iomap interface (git-fixes). - iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove unused macros (jsc#PED-5738). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes). - iommu/amd: Fix compile warning in init code (git-fixes). - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes). - iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes). - iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes). - iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes). - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes). - iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes). - iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes). - iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes). - iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes). - iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes). - iommu/dma: Fix iova map result check bug (git-fixes). - iommu/dma: return error code from iommu_dma_map_sg() (git-fixes). - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes). - iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes). - iommu/iova: Fix module config properly (git-fixes). - iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes). - iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes). - iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes). - iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes). - iommu/mediatek: Use component_match_add (git-fixes). - iommu/mediatek: Validate number of phandles associated with "mediatek,larbs" (git-fixes). - iommu/omap: Fix buffer overflow in debugfs (git-fixes). - iommu/rockchip: fix permission bits in page table entries v2 (git-fixes). - iommu/s390: Fix duplicate domain attachments (git-fixes). - iommu/sun50i: Consider all fault sources for reset (git-fixes). - iommu/sun50i: Fix R/W permission check (git-fixes). - iommu/sun50i: Fix flush size (git-fixes). - iommu/sun50i: Fix reset release (git-fixes). - iommu/sun50i: Implement .iotlb_sync_map (git-fixes). - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes). - iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes). - iommu/vt-d: Check correct capability for sagaw determination (git-fixes). - iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes). - iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes). - iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes). - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes). - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes). - iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes). - ipmi:ssif: Add check for kstrdup (git-fixes). - ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes). - ipmi_si: fix a memleak in try_smi_init() (git-fixes). - jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes). - kabi/severities: Ignore newly added SRSO mitigation functions - kabi/severities: ignore mlx4 internal symbols - kabi: Allow extra bugsints (bsc#1213927). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there. - kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - kunit: make kunit_test_timeout compatible with comment (git-fixes). - leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes). - leds: multicolor: Use rounded division when calculating color components (git-fixes). - leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes). - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes). - leds: turris-omnia: Drop unnecessary mutex locking (git-fixes). - lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes). - lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes). - libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924). - libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924). - libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924). - libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393). - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes). - media: cx24120: Add retval check for cx24120_message_send() (git-fixes). - media: dib7000p: Fix potential division by zero (git-fixes). - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes). - media: go7007: Remove redundant if statement (git-fixes). - media: i2c: ccs: Check rules is non-NULL (git-fixes). - media: i2c: rdacm21: Fix uninitialized value (git-fixes). - media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes). - media: ov2680: Add ov2680_fill_format() helper function (git-fixes). - media: ov2680: Do not take the lock for try_fmt calls (git-fixes). - media: ov2680: Fix ov2680_bayer_order() (git-fixes). - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes). - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes). - media: ov2680: Fix vflip / hflip set functions (git-fixes). - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes). - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes). - media: rkvdec: increase max supported height for H.264 (git-fixes). - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes). - media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes). - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes). - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes). - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes). - mkspec: Allow unsupported KMPs (bsc#1214386) - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - mlxsw: pci: Add shutdown method in PCI driver (git-fixes). - mmc: block: Fix in_flight[issue_type] value error (git-fixes). - mmc: moxart: read scr register without changing byte order (git-fixes). - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes). - module: avoid allocation if module is already present and ready (bsc#1213921). - module: extract patient module check into helper (bsc#1213921). - module: move check_modinfo() early to early_mod_check() (bsc#1213921). - module: move early sanity checks into a helper (bsc#1213921). - mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes). - mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes). - mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes). - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes). - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes). - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes). - mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes). - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes). - mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes). - mtd: spi-nor: Check bus width while setting QE bit (git-fixes). - mtd: spinand: toshiba: Fix ecc_get_status (git-fixes). - n_tty: Rename tail to old_tail in n_tty_read() (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - net: hns3: fix wrong bw weight of disabled tc issue (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes). - net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes). - net: phy: broadcom: stub c45 read/write for 54810 (git-fixes). - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733) - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes). - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes). - netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404). - netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946). - netfs: fix parameter of cleanup() (bsc#1214743). - nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes). - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes). - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902). - nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902). - objtool/x86: Fix SRSO mess (git-fixes). - objtool/x86: Fixup frame-pointer vs rethunk (git-fixes). - objtool: Union instruction::{call_dest,jump_table} (git-fixes). - old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported. - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes). - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes). - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes). - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes). - phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes). - phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes). - phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes). - phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes). - pinctrl: amd: Mask wake bits on probe again (git-fixes). - pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" (git-fixes). - pinctrl: cherryview: fix address_space_handler() argument (git-fixes). - pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes). - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: dell-sysman: Fix reference leak (git-fixes). - powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106). - powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106). - powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106). - powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106). - powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106). - powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106). - powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106). - powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes). - powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106). - powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Rename "direct window" to "dma window" (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106). - powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106). - powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106). - powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869). - powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files. - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - powerpc: fix typos in comments (bsc#1212091 ltc#199106). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - pstore/ram: Check start of empty przs during init (git-fixes). - pwm: Add a stub for devm_pwmchip_add() (git-fixes). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - pwm: meson: Simplify duplicated per-channel tracking (git-fixes). - pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes). - qed: Fix scheduling in a tasklet while getting stats (git-fixes). - regmap: rbtree: Use alloc_flags for memory allocations (git-fixes). - ring-buffer: Do not swap cpu_buffer during resize process (git-fixes). - ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes). - ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes). - rpm/mkspec-dtb: support for nested subdirs. - rpmsg: glink: Add check for kstrdup (git-fixes). - rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension). - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/purgatory: disable branch profiling (git-fixes bsc#1214372). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949). - sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes). - sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes). - sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: RDMA/srp: Fix residual handling (git-fixes) - scsi: bsg: Increase number of devices (bsc#1210048). - scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284). - scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: core: Improve warning message in scsi_device_block() (bsc#1209284). - scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: sg: Increase number of devices (bsc#1210048). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Always set no_report_opcodes (git-fixes). - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes). - scsi: storvsc: Handle SRB status value 0x30 (git-fixes). - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes). - scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371). - selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924). - selftests/futex: Order calls to futex_lock_pi (git-fixes). - selftests/harness: Actually report SKIP for signal tests (git-fixes). - selftests/resctrl: Close perf value read fd on errors (git-fixes). - selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes). - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes). - selftests/rseq: check if libc rseq support is registered (git-fixes). - selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes). - selftests: forwarding: Skip test when no interfaces are specified (git-fixes). - selftests: forwarding: Switch off timeout (git-fixes). - selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes). - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes). - selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes). - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes). - selftests: forwarding: tc_flower: Relax success criterion (git-fixes). - selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - serial: sc16is7xx: fix broken port 0 uart init (git-fixes). - serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes). - serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes). - serial: sprd: Fix DMA buffer leak issue (git-fixes). - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes). - sfc: fix crash when reading stats while NIC is resetting (git-fixes). - smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes). - smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629). - smb: client: Fix -Wstringop-overflow issues (bsc#1193629). - smb: client: fix dfs link mount against w2k8 (bsc#1212142). - smb: client: fix null auth (git-fixes). - soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes). - soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes). - soundwire: fix enumeration completion (git-fixes). - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes). - supported.conf: fix typos for -!optional markers - swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453). - target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026). - target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873). - target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857). - target_core_rbd: remove snapshot existence validation code (bsc#1212857). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes). - tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes). - tracing/probes: Fix not to count error code to total length (git-fixes). - tracing/probes: Fix to avoid double count of the string length on the array (git-fixes). - tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes). - tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes). - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes). - tracing: Fix memleak due to race between current_tracer and trace (git-fixes). - tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes). - tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes). - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - tty: fix hang on tty device with no_room set (git-fixes). - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes). - tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes). - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes). - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes). - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes). - ubifs: Fix memleak when insert_old_idx() failed (git-fixes). - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes). - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes). - usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes). - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes). - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes). - usb: dwc3: Fix typos in gadget.c (git-fixes). - usb: dwc3: Properly handle processing of pending events (git-fixes). - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes). - usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes). - usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes). - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes). - usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes). - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes). - usb: quirks: add quirk for Focusrite Scarlett (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EC200A module support (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: serial: option: support Quectel EM060K_128 (git-fixes). - usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes). - usb: serial: simple: sort driver entries (git-fixes). - usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - usb: typec: tcpm: Fix response to vsafe0V event (git-fixes). - usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes). - usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes). - wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes). - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes). - wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes). - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes). - wifi: cfg80211: Fix return value in scan logic (git-fixes). - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes). - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes). - wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes). - wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes). - wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes). - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes). - wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes). - wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes). - wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes). - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes). - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes). - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes). - wifi: radiotap: fix kernel-doc notation warnings (git-fixes). - wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/alternative: Make custom return thunk unconditional (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/cpu: Clean up SRSO return thunk mess (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Fix __x86_return_thunk symbol type (git-fixes). - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453). - x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453). - x86/hyperv: Reorder code to facilitate future work (bsc#1206453). - x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453). - x86/purgatory: remove PGO flags (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes). - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86/srso: Fix build breakage with the LLVM linker (git-fixes). - x86/srso: Fix return thunks in generated code (git-fixes). - x86/static_call: Fix __static_call_fixup() (git-fixes). - x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453). - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453). - x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453). - x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453). - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214661). kernel-rt-5.14.21-150500.13.18.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.18.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-3963 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libX11 fixes the following issues: - CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684). - CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685). - CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683). libX11-1.6.5-150000.3.33.1.src.rpm libX11-6-1.6.5-150000.3.33.1.x86_64.rpm libX11-data-1.6.5-150000.3.33.1.noarch.rpm libX11-xcb1-1.6.5-150000.3.33.1.x86_64.rpm libX11-6-1.6.5-150000.3.33.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.33.1.s390x.rpm libX11-6-1.6.5-150000.3.33.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.33.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4143 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update provides rebuilds of various packages against the newer icu73 to support GB18030-2023. This set contains libreoffice, various libraries used by libreoffice and GNOME, and brltty. harfbuzz-3.4.0-150400.3.8.1.src.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz0-3.4.0-150400.3.8.1.x86_64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.x86_64.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.s390x.rpm libharfbuzz0-3.4.0-150400.3.8.1.s390x.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.s390x.rpm libharfbuzz-gobject0-3.4.0-150400.3.8.1.aarch64.rpm libharfbuzz0-3.4.0-150400.3.8.1.aarch64.rpm typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3970 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for dracut fixes the following issues: - Honor nvme-cli's /etc/nvme/config.json in NVMe/TCP (bsc#1215578) dracut-055+suse.371.g5237e44a-150500.3.12.1.src.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.x86_64.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.s390x.rpm dracut-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm dracut-fips-055+suse.371.g5237e44a-150500.3.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-3994 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) git-2.35.3-150300.10.30.1.src.rpm git-2.35.3-150300.10.30.1.x86_64.rpm git-core-2.35.3-150300.10.30.1.x86_64.rpm perl-Git-2.35.3-150300.10.30.1.x86_64.rpm git-2.35.3-150300.10.30.1.s390x.rpm git-core-2.35.3-150300.10.30.1.s390x.rpm perl-Git-2.35.3-150300.10.30.1.s390x.rpm git-2.35.3-150300.10.30.1.aarch64.rpm git-core-2.35.3-150300.10.30.1.aarch64.rpm perl-Git-2.35.3-150300.10.30.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4110 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) glibc-2.31-150300.63.1.src.rpm glibc-2.31-150300.63.1.x86_64.rpm glibc-devel-2.31-150300.63.1.x86_64.rpm glibc-locale-2.31-150300.63.1.x86_64.rpm glibc-locale-base-2.31-150300.63.1.x86_64.rpm glibc-2.31-150300.63.1.s390x.rpm glibc-devel-2.31-150300.63.1.s390x.rpm glibc-locale-2.31-150300.63.1.s390x.rpm glibc-locale-base-2.31-150300.63.1.s390x.rpm glibc-2.31-150300.63.1.aarch64.rpm glibc-devel-2.31-150300.63.1.aarch64.rpm glibc-locale-2.31-150300.63.1.aarch64.rpm glibc-locale-base-2.31-150300.63.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4112 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issue: - Ship correct open-vm-tools version to 15-SP4 (bsc#1205927) libvmtools0-12.3.0-150300.40.1.x86_64.rpm open-vm-tools-12.3.0-150300.40.1.src.rpm open-vm-tools-12.3.0-150300.40.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4231 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-kiwi fixes the following issues: - Add SECURE_BOOT no when the firmware is efi (bsc#1211102) dracut-kiwi-lib-9.24.43-150100.3.62.1.x86_64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.x86_64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.x86_64.rpm python-kiwi-9.24.43-150100.3.62.1.src.rpm dracut-kiwi-lib-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.s390x.rpm dracut-kiwi-lib-9.24.43-150100.3.62.1.aarch64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.62.1.aarch64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.62.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4088 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libguestfs fixes the following issues: - Unable to determine guest architecture (bsc#1215543, bsc#1215461) - Non-functional network due to missing sysconfig-netconfig (bsc#1215586) - Cannot find any suitable libguestfs supermin (bsc#1212972, bsc#1215664) libguestfs-1.48.6-150500.3.8.1.src.rpm libguestfs0-1.48.6-150500.3.8.1.x86_64.rpm libguestfs0-1.48.6-150500.3.8.1.s390x.rpm libguestfs0-1.48.6-150500.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4003 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for apparmor fixes the following issues: - Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596) apparmor-3.0.4-150500.11.9.1.src.rpm apparmor-parser-3.0.4-150500.11.9.1.x86_64.rpm libapparmor-3.0.4-150500.11.9.1.src.rpm libapparmor1-3.0.4-150500.11.9.1.x86_64.rpm pam_apparmor-3.0.4-150500.11.9.1.x86_64.rpm apparmor-parser-3.0.4-150500.11.9.1.s390x.rpm libapparmor1-3.0.4-150500.11.9.1.s390x.rpm pam_apparmor-3.0.4-150500.11.9.1.s390x.rpm apparmor-parser-3.0.4-150500.11.9.1.aarch64.rpm libapparmor1-3.0.4-150500.11.9.1.aarch64.rpm pam_apparmor-3.0.4-150500.11.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4138 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. systemd-rpm-macros-14-150000.7.36.1.noarch.rpm systemd-rpm-macros-14-150000.7.36.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4177 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for sssd fixes the following issues: - LDAP password policy: return failure if there are no grace logins left (bsc#1214434) libsss_certmap0-2.5.2-150500.10.6.1.x86_64.rpm libsss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.x86_64.rpm sssd-2.5.2-150500.10.6.1.src.rpm sssd-2.5.2-150500.10.6.1.x86_64.rpm sssd-common-2.5.2-150500.10.6.1.x86_64.rpm sssd-krb5-common-2.5.2-150500.10.6.1.x86_64.rpm sssd-ldap-2.5.2-150500.10.6.1.x86_64.rpm libsss_certmap0-2.5.2-150500.10.6.1.s390x.rpm libsss_idmap0-2.5.2-150500.10.6.1.s390x.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.s390x.rpm sssd-2.5.2-150500.10.6.1.s390x.rpm sssd-common-2.5.2-150500.10.6.1.s390x.rpm sssd-krb5-common-2.5.2-150500.10.6.1.s390x.rpm sssd-ldap-2.5.2-150500.10.6.1.s390x.rpm libsss_certmap0-2.5.2-150500.10.6.1.aarch64.rpm libsss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm libsss_nss_idmap0-2.5.2-150500.10.6.1.aarch64.rpm sssd-2.5.2-150500.10.6.1.aarch64.rpm sssd-common-2.5.2-150500.10.6.1.aarch64.rpm sssd-krb5-common-2.5.2-150500.10.6.1.aarch64.rpm sssd-ldap-2.5.2-150500.10.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4453 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. libjansson-2.14-150000.3.5.1.src.rpm libjansson4-2.14-150000.3.5.1.x86_64.rpm libjansson4-2.14-150000.3.5.1.s390x.rpm libjansson4-2.14-150000.3.5.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4044 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) curl-8.0.1-150400.5.32.1.src.rpm curl-8.0.1-150400.5.32.1.x86_64.rpm libcurl4-8.0.1-150400.5.32.1.x86_64.rpm curl-8.0.1-150400.5.32.1.s390x.rpm libcurl4-8.0.1-150400.5.32.1.s390x.rpm curl-8.0.1-150400.5.32.1.aarch64.rpm libcurl4-8.0.1-150400.5.32.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4022 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for conmon fixes the following issues: conmon is rebuild with go1.21 to capture current stability, bug and security fixes. (bsc#1215806) conmon-2.1.7-150500.9.6.1.src.rpm conmon-2.1.7-150500.9.6.1.x86_64.rpm conmon-2.1.7-150500.9.6.1.s390x.rpm conmon-2.1.7-150500.9.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4450 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) crypto-policies-20210917.c9d86d1-150400.3.6.1.noarch.rpm crypto-policies-20210917.c9d86d1-150400.3.6.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4046 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905) - CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906) - CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908) samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1.src.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.x86_64.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.s390x.rpm samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4071 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861) - CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860) - CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858) - CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467) - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169). - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes). - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - ARM: pxa: remove use of symbol_get() (git-fixes). - arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). - ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes). - ata: pata_falcon: fix IO base selection for Q40 (git-fixes). - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). - ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - bpf: Clear the probe_addr for uprobe (git-fixes). - btrfs: do not hold CPU for too long when defragging a file (bsc#1214988). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes). - drm/amd/display: Add smu write msg id fail retry process (git-fixes). - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes). - drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes). - drm/amd/display: prevent potential division by zero errors (git-fixes). - drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes). - drm/amd/display: Remove wait while locked (git-fixes). - drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes). - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes). - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes). - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" (git-fixes). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: do not update freeing inode i_io_list (bsc#1214813). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes). - i3c: master: svc: fix probe failure when no i3c device exist (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - idr: fix param name in idr_alloc_cyclic() doc (git-fixes). - Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025). - kabi/severities: ignore mlx4 internal symbols - kconfig: fix possible buffer overflow (git-fixes). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes). - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). - KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236). - mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236). - mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236). - mlx4: Delete custom device management logic (bsc#1187236). - mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236). - mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236). - mlx4: Move the bond work to the core driver (bsc#1187236). - mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236). - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). - mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236). - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - net/mlx4: Remove many unnecessary NULL values (bsc#1187236). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - NFS/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - NFSD: fix change_info in NFSv4 RENAME replies (git-fixes). - NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - ntb: Clean up tx tail index on link down (git-fixes). - ntb: Drop packets when qp link is down (git-fixes). - ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - PCI: Free released resource after coalescing (git-fixes). - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes). - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729). - powerpc/xics: Remove unnecessary endian conversion (bsc#1065729). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - pwm: lpc32xx: Remove handling of PWM channels (git-fixes). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). - s390/ipl: add eckd dump support (jsc#PED-2025). - s390/ipl: add eckd support (jsc#PED-2023). - s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023). - s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). - s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes). - s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148). - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes). - scsi: 53c700: Check that command slot is not NULL (git-fixes). - scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes). - scsi: core: Fix possible memory leak if device_add() fails (git-fixes). - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes). - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes). - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: lpfc: Remove reftag check in DIF paths (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qedf: Fix firmware halt over suspend and resume (git-fixes). - scsi: qedf: Fix NULL dereference in error handling (git-fixes). - scsi: qedi: Fix firmware halt over suspend and resume (git-fixes). - scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928). - scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). - scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928). - scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928). - scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). - scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928). - scsi: qla2xxx: Remove unused declarations (bsc#1214928). - scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). - scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: scsi_debug: Remove dead code (git-fixes). - scsi: snic: Fix double free in snic_tgt_create() (git-fixes). - scsi: snic: Fix possible memory leak if device_add() fails (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tcpm: Avoid soft reset when partner does not support get_status (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - tracing: Fix race issue between cpu buffer write and swap (git-fixes). - tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes). - tracing: Remove unnecessary copying of tr->current_trace (git-fixes). - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes). - usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes). - usb: typec: tcpci: clear the fault status bit (git-fixes). - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes). - word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729). - x86/alternative: Fix race in try_get_desc() (git-fixes). - x86/boot/e820: Fix typo in e820.c comment (git-fixes). - x86/bugs: Reset speculation control settings on init (git-fixes). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/cpu: Add Lunar Lake M (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). - x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes). - x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). - x86/mce: Retrieve poison range from hardware (git-fixes). - x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). - x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). - x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). - x86/purgatory: remove PGO flags (git-fixes). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). - x86/resctl: fix scheduler confusion with 'current' (git-fixes). - x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). - x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). - x86/rtc: Remove __init for runtime functions (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Reduce delay and interference of enclave release (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). kernel-default-5.14.21-150500.55.31.1.nosrc.rpm True kernel-default-5.14.21-150500.55.31.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.src.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.x86_64.rpm True kernel-default-5.14.21-150500.55.31.1.s390x.rpm True kernel-default-5.14.21-150500.55.31.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.31.1.150500.6.13.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4601 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.src.rpm suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.x86_64.rpm suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.s390x.rpm suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4108 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). python-urllib3-1.25.10-150300.4.6.1.src.rpm python3-urllib3-1.25.10-150300.4.6.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4035 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). - CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351). - CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899) - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150). - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275). - CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117). - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022) The following non-security bugs were fixed: - ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes). - arm64: module-plts: inline linux/moduleloader.h (git-fixes) - arm64: module: Use module_init_layout_section() to spot init sections (git-fixes) - arm64: sdei: abort running SDEI handlers during crash (git-fixes) - arm64: tegra: Update AHUB clock parent and rate (git-fixes) - arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes) - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes). - ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes). - ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes). - ASoC: meson: spdifin: start hw on dai probe (git-fixes). - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes). - ASoC: rt5640: Fix sleep in atomic context (git-fixes). - ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes). - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes). - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes). - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes). - blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986). - blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992). - block/mq-deadline: use correct way to throttling write requests (bsc#1214993). - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453). - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453). - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453). - Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453). - drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private - drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes - drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808). - drm/meson: fix memory leak on ->hpd_notify callback (git-fixes). - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes). - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes). - ext4: avoid potential data overflow in next_linear_group (bsc#1214951). - ext4: correct inline offset when handling xattrs in inode body (bsc#1214950). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943). - ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944). - ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942). - ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941). - ext4: Remove ext4 locking of moved directory (bsc#1214957). - ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940). - fs: Establish locking order for unrelated directories (bsc#1214958). - fs: Lock moved directories (bsc#1214959). - fs: lockd: avoid possible wrong NULL parameter (git-fixes). - fs: no need to check source (bsc#1215752). - fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581). - gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479). - gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479). - gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479). - gve: Changes to add new TX queues (bsc#1214479). - gve: Control path for DQO-QPL (bsc#1214479). - gve: fix frag_list chaining (bsc#1214479). - gve: Fix gve interrupt names (bsc#1214479). - gve: RX path for DQO-QPL (bsc#1214479). - gve: trivial spell fix Recive to Receive (bsc#1214479). - gve: Tx path for DQO-QPL (bsc#1214479). - gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479). - gve: use vmalloc_array and vcalloc (bsc#1214479). - gve: XDP support GQI-QPL: helper function changes (bsc#1214479). - hwrng: virtio - add an internal buffer (git-fixes). - hwrng: virtio - always add a pending request (git-fixes). - hwrng: virtio - do not wait on cleanup (git-fixes). - hwrng: virtio - do not waste entropy (git-fixes). - hwrng: virtio - Fix race on data_avail and actual data (git-fixes). - i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes). - iommu/virtio: Detach domain on endpoint release (git-fixes). - iommu/virtio: Return size mapped for a detached domain (git-fixes). - jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953). - jbd2: correct the end of the journal recovery scan range (bsc#1214955). - jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949). - jbd2: fix checkpoint cleanup performance regression (bsc#1214952). - jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948). - jbd2: recheck chechpointing non-dirty buffer (bsc#1214945). - jbd2: remove journal_clean_one_cp_list() (bsc#1214947). - jbd2: remove t_checkpoint_io_list (bsc#1214946). - jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946). - kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template. - kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist. - KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915). - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896). - KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916). - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894). - KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895). - KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911). - KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes). - KVM: x86/mmu: Include mmu.h in spte.h (git-fixes). - loop: Fix use-after-free issues (bsc#1214991). - loop: loop_set_status_from_info() check before assignment (bsc#1214990). - module: Expose module_init_layout_section() (git-fixes) - net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes). - net: mana: Add page pool for RX buffers (bsc#1214040). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes). - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes). - nfs/blocklayout: Use the passed in gfp flags (git-fixes). - NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes). - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes). - nfsd: fix change_info in NFSv4 RENAME replies (git-fixes). - nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes). - NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes). - NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes). - NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes). - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes). - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes). - nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543). - nvme-tcp: add recovery_delay to sysfs (bsc#1201284). - nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284). - nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284). - nvme-tcp: make 'err_work' a delayed work (bsc#1201284). - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes). - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes). - platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes). - platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes). - pNFS: Fix assignment of xprtdata.cred (git-fixes). - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582). - printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875). - quota: add new helper dquot_active() (bsc#1214998). - quota: factor out dquot_write_dquot() (bsc#1214995). - quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963). - quota: fix warning in dqgrab() (bsc#1214962). - quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961). - quota: rename dquot_active() to inode_quota_active() (bsc#1214997). - RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes) - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes). - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes). - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes). - scsi: storvsc: Handle additional SRB status values (git-fixes). - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941). - selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549). - spi: Add TPM HW flow flag (bsc#1213534) - spi: tegra210-quad: Enable TPM wait polling (bsc#1213534) - spi: tegra210-quad: set half duplex flag (bsc#1213534) - SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes). - tpm_tis_spi: Add hardware wait polling (bsc#1213534) - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes). - udf: Fix extension of the last extent in the file (bsc#1214964). - udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965). - udf: Fix off-by-one error when discarding preallocation (bsc#1214966). - udf: Fix uninitialized array access for some pathnames (bsc#1214967). - Update metadata - usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes). - usb: ehci: move new member has_ci_pec_bug into hole (git-fixes). - vhost_vdpa: fix the crash in unmap a large memory (git-fixes). - vhost-scsi: unbreak any layout for response (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: allow batching hint without size (git-fixes). - vhost: fix hung thread due to erroneous iotlb entries (git-fixes). - vhost: handle error while adding split ranges to iotlb (git-fixes). - virtio_net: add checking sq is full inside xdp xmit (git-fixes). - virtio_net: Fix probe failed when modprobe virtio_net (git-fixes). - virtio_net: reorder some funcs (git-fixes). - virtio_net: separate the logic of checking whether sq is full (git-fixes). - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes). - virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes). - virtio-mmio: do not break lifecycle of vm_dev (git-fixes). - virtio-net: fix race between set queues and probe (git-fixes). - virtio-net: set queues after driver_ok (git-fixes). - virtio-rng: make device ready before making request (git-fixes). - virtio: acknowledge all features before access (git-fixes). - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582). - x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453). - x86/coco: Export cc_vendor (bsc#1206453). - x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453). - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453). - x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453) - x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453). - x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453). - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453). - x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453). - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453). - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453). - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453). - x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453). - x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453). - x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453). - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453). - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453). - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). - xen: remove a confusing comment on auto-translated guest I/O (git-fixes). - xprtrdma: Remap Receive buffers after a reconnect (git-fixes). kernel-rt-5.14.21-150500.13.21.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.21.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4054 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for xen fixes the following issues: - CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744) - CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746) - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747) - CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748) - CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748) xen-4.17.2_06-150500.3.12.1.src.rpm xen-libs-4.17.2_06-150500.3.12.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4076 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of cni fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). cni-1.1.2-150500.3.2.1.src.rpm cni-1.1.2-150500.3.2.1.x86_64.rpm cni-1.1.2-150500.3.2.1.s390x.rpm cni-1.1.2-150500.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4075 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). cni-plugins-1.1.1-150500.3.2.1.src.rpm cni-plugins-1.1.1-150500.3.2.1.x86_64.rpm cni-plugins-1.1.1-150500.3.2.1.s390x.rpm cni-plugins-1.1.1-150500.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4089 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state (bsc#1215762). - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761). opensc-0.22.0-150400.3.6.1.src.rpm opensc-0.22.0-150400.3.6.1.x86_64.rpm opensc-0.22.0-150400.3.6.1.s390x.rpm opensc-0.22.0-150400.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4105 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for openssl-1_1 fixes the following issues: - Displays "fips" in the version string (bsc#1215215) libopenssl-1_1-devel-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl1_1-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.x86_64.rpm openssl-1_1-1.1.1l-150500.17.19.1.src.rpm openssl-1_1-1.1.1l-150500.17.19.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150500.17.19.1.s390x.rpm libopenssl1_1-1.1.1l-150500.17.19.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.s390x.rpm openssl-1_1-1.1.1l-150500.17.19.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150500.17.19.1.aarch64.rpm libopenssl1_1-1.1.1l-150500.17.19.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.19.1.aarch64.rpm openssl-1_1-1.1.1l-150500.17.19.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4388 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python-simplejson-3.17.2-150300.3.4.1.src.rpm True python3-simplejson-3.17.2-150300.3.4.1.x86_64.rpm True python3-simplejson-3.17.2-150300.3.4.1.s390x.rpm True python3-simplejson-3.17.2-150300.3.4.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4386 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for salt fixes the following issues: Security issues fixed: - CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157) Bugs fixed: - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Rename salt-tests to python3-salt-testsuite - Allow all primitive grain types for autosign_grains (bsc#1214477) python3-salt-3006.0-150500.4.24.2.x86_64.rpm True salt-3006.0-150500.4.24.2.src.rpm True salt-3006.0-150500.4.24.2.x86_64.rpm True salt-minion-3006.0-150500.4.24.2.x86_64.rpm True salt-transactional-update-3006.0-150500.4.24.2.x86_64.rpm True python3-salt-3006.0-150500.4.24.2.s390x.rpm True salt-3006.0-150500.4.24.2.s390x.rpm True salt-minion-3006.0-150500.4.24.2.s390x.rpm True salt-transactional-update-3006.0-150500.4.24.2.s390x.rpm True python3-salt-3006.0-150500.4.24.2.aarch64.rpm True salt-3006.0-150500.4.24.2.aarch64.rpm True salt-minion-3006.0-150500.4.24.2.aarch64.rpm True salt-transactional-update-3006.0-150500.4.24.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4936 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-24.0.7_ce-150000.190.4.src.rpm docker-24.0.7_ce-150000.190.4.x86_64.rpm docker-24.0.7_ce-150000.190.4.s390x.rpm docker-24.0.7_ce-150000.190.4.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4139 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages containerd-1.7.7-150000.100.1.src.rpm containerd-1.7.7-150000.100.1.x86_64.rpm runc-1.1.9-150000.52.2.src.rpm runc-1.1.9-150000.52.2.x86_64.rpm containerd-1.7.7-150000.100.1.s390x.rpm runc-1.1.9-150000.52.2.s390x.rpm containerd-1.7.7-150000.100.1.aarch64.rpm runc-1.1.9-150000.52.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4538 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for screen fixes the following issue: - screen is shipped to SUSE Linux Enterprise Micro 5.3, 5.4 and 5.5. screen-4.6.2-150000.5.5.1.src.rpm screen-4.6.2-150000.5.5.1.x86_64.rpm screen-4.6.2-150000.5.5.1.s390x.rpm screen-4.6.2-150000.5.5.1.ppc64le.rpm screen-4.6.2-150000.5.5.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4268 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) libpci3-3.5.6-150300.13.6.1.x86_64.rpm pciutils-3.5.6-150300.13.6.1.src.rpm pciutils-3.5.6-150300.13.6.1.x86_64.rpm libpci3-3.5.6-150300.13.6.1.s390x.rpm pciutils-3.5.6-150300.13.6.1.s390x.rpm libpci3-3.5.6-150300.13.6.1.aarch64.rpm pciutils-3.5.6-150300.13.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4136 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for suse-module-tools fixes the following issues: - Update to version 15.5.3: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). suse-module-tools-15.5.3-150500.3.6.1.src.rpm suse-module-tools-15.5.3-150500.3.6.1.x86_64.rpm suse-module-tools-15.5.3-150500.3.6.1.s390x.rpm suse-module-tools-15.5.3-150500.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4192 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libssh2_org fixes the following issues: - Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040] Update to 1.11.0: * Enhancements and bugfixes - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake "unity" builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: now parses attribute extensions if they exist - SFTP: no longer will busy loop if SFTP fails to initialize - SFTP: now clear various errors as expected - SFTP: no longer skips files if the line buffer is too small - SCP: add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x - Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed "old gex" build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Bump to version 1.10.0 * Enhancements and bugfixes: * support ECDSA certificate authentication * fix detailed _libssh2_error being overwritten by generic errors * unified error handling * fix _libssh2_random() silently discarding errors * don't error if using keys without RSA * avoid OpenSSL latent error in FIPS mode * fix EVP_Cipher interface change in openssl 3 * fix potential overwrite of buffer when reading stdout of command * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data * correct a typo which may lead to stack overflow * fix random big number generation to match openssl * added key exchange group16-sha512 and group18-sha512. * add support for an OSS Fuzzer fuzzing target * adds support for ECDSA for both key exchange and host key algorithms * clean up curve25519 code * update the min, preferred and max DH group values based on RFC 8270. * changed type of LIBSSH2_FX_* constants to unsigned long * added diffie-hellman-group14-sha256 kex * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x. * fixes crash with delayed compression option using Bitvise server. * adds support for PKIX key reading * use new API to parse data in packet_x11_open() for better bounds checking. * double the static buffer size when reading and writing known hosts * improved bounds checking in packet_queue_listener * improve message parsing (CVE-2019-17498) * improve bounds checking in kex_agree_methods() * adding SSH agent forwarding. * fix agent forwarding message, updated example. * added integration test code and cmake target. Added example to cmake list. * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero. * add an EWOULDBLOCK check for better portability * fix off by one error when loading public keys with no id * fix use-after-free crash on reinitialization of openssl backend * preserve error info from agent_list_identities() * make sure the error code is set in _libssh2_channel_open() * fixed misspellings * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type` * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type libssh2-1-1.11.0-150000.4.19.1.x86_64.rpm libssh2_org-1.11.0-150000.4.19.1.src.rpm libssh2-1-1.11.0-150000.4.19.1.s390x.rpm libssh2-1-1.11.0-150000.4.19.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4897 low SUSE Updates openSUSE-Leap-Micro 5.5 This update for openslp bumps the version number to ensure a clean upgrade path from SLE-12 to SLE-15. This is a no-change rebuild of the packages already available in SLE-15. openslp-2.0.0-150000.6.17.1.src.rpm openslp-2.0.0-150000.6.17.1.x86_64.rpm openslp-2.0.0-150000.6.17.1.s390x.rpm openslp-2.0.0-150000.6.17.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4711 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for wireless-regdb fixes the following issues: - Update all regulatory rules(v.20230901) for various countries (bsc#1029961) wireless-regdb-20230901-150000.3.17.1.noarch.rpm wireless-regdb-20230901-150000.3.17.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4200 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) libnghttp2-14-1.40.0-150200.12.1.x86_64.rpm nghttp2-1.40.0-150200.12.1.src.rpm libnghttp2-14-1.40.0-150200.12.1.s390x.rpm libnghttp2-14-1.40.0-150200.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4225 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for zchunk fixes the following issues: - CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268) libzck1-1.1.16-150400.3.7.1.x86_64.rpm zchunk-1.1.16-150400.3.7.1.src.rpm libzck1-1.1.16-150400.3.7.1.s390x.rpm libzck1-1.1.16-150400.3.7.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4215 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). libz1-1.2.13-150500.4.3.1.x86_64.rpm zlib-1.2.13-150500.4.3.1.src.rpm zlib-devel-1.2.13-150500.4.3.1.x86_64.rpm libz1-1.2.13-150500.4.3.1.s390x.rpm zlib-devel-1.2.13-150500.4.3.1.s390x.rpm libz1-1.2.13-150500.4.3.1.aarch64.rpm zlib-devel-1.2.13-150500.4.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-22 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libica, openssl-ibmca fixes the following issues: Changes in libica: - Added library in openssl3 flavor [bsc#1207472] Changes in openssl-ibmca: - Add a additional openssl engine for openssl 3 [bsc#1207472] libica-4.2.1-150500.3.3.7.src.rpm libica-tools-4.2.1-150500.3.3.7.s390x.rpm libica4-4.2.1-150500.3.3.7.s390x.rpm openssl-ibmca-2.4.0-150500.6.3.1.s390x.rpm openssl-ibmca-2.4.0-150500.6.3.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4937 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for sg3_utils fixes the following issues: - Update to version 1.47+15.b6898b8 - L3-Question: rescan-scsi-bus.sh resize not detected (bsc#1215720). - Packman Discord package upgrade lockout defeat inoperative (bsc#1216355). - sg3_utils package doesn't rebuild initrd (bsc#1215772). - rescan-scsi-bus.sh: improve cleanup on exit (gh#doug-gilbert/sg3_utils#44) libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.src.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.x86_64.rpm libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.s390x.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.s390x.rpm libsgutils2-1_47-2-1.47+15.b6898b8-150400.3.11.1.aarch64.rpm sg3_utils-1.47+15.b6898b8-150400.3.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4310 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir libtirpc-1.3.4-150300.3.20.1.src.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.x86_64.rpm libtirpc3-1.3.4-150300.3.20.1.x86_64.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.s390x.rpm libtirpc3-1.3.4-150300.3.20.1.s390x.rpm libtirpc-netconfig-1.3.4-150300.3.20.1.aarch64.rpm libtirpc3-1.3.4-150300.3.20.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4227 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issues: - CVE-2023-34058: Fixed a SAML token signature bypass issue (bsc#1216432). - CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper (bsc#1216433). libvmtools0-12.3.0-150300.43.1.x86_64.rpm open-vm-tools-12.3.0-150300.43.1.src.rpm open-vm-tools-12.3.0-150300.43.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4583 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). python-psutil-5.9.1-150300.3.6.1.src.rpm python-requests-2.25.1-150300.3.6.1.src.rpm python3-psutil-5.9.1-150300.3.6.1.x86_64.rpm python3-requests-2.25.1-150300.3.6.1.noarch.rpm python3-psutil-5.9.1-150300.3.6.1.s390x.rpm python3-psutil-5.9.1-150300.3.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4716 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier git-2.35.3-150300.10.33.1.src.rpm git-2.35.3-150300.10.33.1.x86_64.rpm git-core-2.35.3-150300.10.33.1.x86_64.rpm perl-Git-2.35.3-150300.10.33.1.x86_64.rpm git-2.35.3-150300.10.33.1.s390x.rpm git-core-2.35.3-150300.10.33.1.s390x.rpm perl-Git-2.35.3-150300.10.33.1.s390x.rpm git-2.35.3-150300.10.33.1.aarch64.rpm git-core-2.35.3-150300.10.33.1.aarch64.rpm perl-Git-2.35.3-150300.10.33.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4534 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) libzypp-17.31.22-150400.3.43.1.src.rpm True libzypp-17.31.22-150400.3.43.1.x86_64.rpm True zypper-1.14.66-150400.3.35.1.src.rpm True zypper-1.14.66-150400.3.35.1.x86_64.rpm True zypper-needs-restarting-1.14.66-150400.3.35.1.noarch.rpm True libzypp-17.31.22-150400.3.43.1.s390x.rpm True zypper-1.14.66-150400.3.35.1.s390x.rpm True libzypp-17.31.22-150400.3.43.1.aarch64.rpm True zypper-1.14.66-150400.3.35.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4467 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). python-urllib3-1.25.10-150300.4.9.1.src.rpm python3-urllib3-1.25.10-150300.4.9.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4644 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for psmisc fixes the following issues: - Fix version number when building the package psmisc-23.0-150000.6.25.1.src.rpm psmisc-23.0-150000.6.25.1.x86_64.rpm psmisc-23.0-150000.6.25.1.s390x.rpm psmisc-23.0-150000.6.25.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4700 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for p11-kit fixes the following issues: - Ensure that programs using <p11-kit/pkcs11x.h> can be compiled with CRYPTOKI_GNU. Fixes GnuTLS builds (jsc#PED-6705). libp11-kit0-0.23.22-150500.8.3.1.x86_64.rpm p11-kit-0.23.22-150500.8.3.1.src.rpm p11-kit-0.23.22-150500.8.3.1.x86_64.rpm p11-kit-tools-0.23.22-150500.8.3.1.x86_64.rpm libp11-kit0-0.23.22-150500.8.3.1.s390x.rpm p11-kit-0.23.22-150500.8.3.1.s390x.rpm p11-kit-tools-0.23.22-150500.8.3.1.s390x.rpm libp11-kit0-0.23.22-150500.8.3.1.aarch64.rpm p11-kit-0.23.22-150500.8.3.1.aarch64.rpm p11-kit-tools-0.23.22-150500.8.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4503 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). avahi-0.8-150400.7.10.1.src.rpm avahi-0.8-150400.7.10.1.x86_64.rpm libavahi-client3-0.8-150400.7.10.1.x86_64.rpm libavahi-common3-0.8-150400.7.10.1.x86_64.rpm libavahi-core7-0.8-150400.7.10.1.x86_64.rpm avahi-0.8-150400.7.10.1.s390x.rpm libavahi-client3-0.8-150400.7.10.1.s390x.rpm libavahi-common3-0.8-150400.7.10.1.s390x.rpm libavahi-core7-0.8-150400.7.10.1.s390x.rpm avahi-0.8-150400.7.10.1.aarch64.rpm libavahi-client3-0.8-150400.7.10.1.aarch64.rpm libavahi-common3-0.8-150400.7.10.1.aarch64.rpm libavahi-core7-0.8-150400.7.10.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4375 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649). - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek - Fixed two speaker platform (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). - ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - bonding: Fix extraction of ports from the packet headers (bsc#1214754). - bonding: Return pointer to data after pull on skb (bsc#1214754). - bonding: do not assume skb mac_header is set (bsc#1214754). - bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). - bpf: Add override check to kprobe multi link attach (git-fixes). - bpf: Add zero_map_value to zero map value with special fields (git-fixes). - bpf: Cleanup check_refcount_ok (git-fixes). - bpf: Fix max stack depth check for async callbacks (git-fixes). - bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). - bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). - bpf: Fix resetting logic for unreferenced kptrs (git-fixes). - bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). - bpf: Gate dynptr API behind CAP_BPF (git-fixes). - bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). - bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). - bpf: Tighten ptr_to_btf_id checks (git-fixes). - bpf: fix precision propagation verbose logging (git-fixes). - bpf: prevent decl_tag from being referenced in func_proto (git-fixes). - bpf: propagate precision across all frames, not just the last one (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - btf: Export bpf_dynptr definition (git-fixes). - btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). - ceph: add encryption support to writepage and writepages (jsc#SES-1880). - ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). - ceph: add helpers for converting names for userland presentation (jsc#SES-1880). - ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). - ceph: add new mount option to enable sparse reads (jsc#SES-1880). - ceph: add object version support for sync read (jsc#SES-1880). - ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). - ceph: add some fscrypt guardrails (jsc#SES-1880). - ceph: add support for encrypted snapshot names (jsc#SES-1880). - ceph: add support to readdir for encrypted names (jsc#SES-1880). - ceph: add truncate size handling support for fscrypt (jsc#SES-1880). - ceph: align data in pages in ceph_sync_write (jsc#SES-1880). - ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). - ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). - ceph: decode alternate_name in lease info (jsc#SES-1880). - ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). - ceph: drop messages from MDS when unmounting (jsc#SES-1880). - ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). - ceph: fix type promotion bug on 32bit systems (bsc#1216324). - ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). - ceph: fscrypt_auth handling for ceph (jsc#SES-1880). - ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). - ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). - ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). - ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). - ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). - ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). - ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). - ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). - ceph: mark directory as non-complete after loading key (jsc#SES-1880). - ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). - ceph: plumb in decryption during reads (jsc#SES-1880). - ceph: preallocate inode for ops that may create one (jsc#SES-1880). - ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). - ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). - ceph: send alternate_name in MClientRequest (jsc#SES-1880). - ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). - ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). - ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). - ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). - ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). - ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). - drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes). - drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). - drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). - drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). - drm/atomic-helper: relax unregistered connector check (git-fixes). - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes). - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). - drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - fix x86/mm: print the encryption features in hyperv is disabled - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). - fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: aspeed: Fix i2c bus hang in slave read (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes). - iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - intel x86 platform vsec kABI workaround (bsc#1216202). - io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). - io_uring/rw: defer fsnotify calls to task context (git-fixes). - io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). - io_uring/rw: remove leftover debug statement (git-fixes). - io_uring: Replace 0-length array with flexible array (git-fixes). - io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). - io_uring: fix fdinfo sqe offsets calculation (git-fixes). - io_uring: fix memory leak when removing provided buffers (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) - kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). - libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). - libceph: add sparse read support to OSD client (jsc#SES-1880). - libceph: add sparse read support to msgr1 (jsc#SES-1880). - libceph: add spinlock around osd->o_requests (jsc#SES-1880). - libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). - libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). - libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). - libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). - libceph: use kernel_connect() (bsc#1216323). - misc: fastrpc: Clean buffers on remote invocation failures (git-fixes). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes). - net: use sk_is_tcp() in more places (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). - platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). - platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). - platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - quota: Fix slow quotaoff (bsc#1216621). - r8152: Cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes). - r8152: Release firmware if we have an error in probe (git-fixes). - r8152: Run the unload routine if we have errors during probe (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past "commit" (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update "shortest_full" in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). - scsi: iscsi: Add length check for nlattr payload (git-fixes). - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). - scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes). - scsi: pm8001: Setup IRQs on resume (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). - selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes). - selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). - selftests/bpf: Clean up sys_nanosleep uses (git-fixes). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - treewide: Spelling fix in comment (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the "HWVers" register address (git-fixes). - usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - xen-netback: use default TX queue size for vifs (git-fixes). - xhci: Keep interrupt disabled in initialization until host is running (git-fixes). kernel-default-5.14.21-150500.55.36.1.nosrc.rpm True kernel-default-5.14.21-150500.55.36.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.src.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.x86_64.rpm True kernel-default-5.14.21-150500.55.36.1.s390x.rpm True kernel-default-5.14.21-150500.55.36.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.36.1.150500.6.15.3.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4591 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the "fragment table" fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * "Non-anchored" excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows "." to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for "corrupted" filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new "experts" category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use "max open file limit" when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports "Actions". * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file "R" definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports "exclude" files. * Max depth traversal option added. * Unsquashfs can now output a "Pseudo file" representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs "-stat" output. * Unsquashfs "write outside directory" exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. squashfs-4.6.1-150300.3.3.1.src.rpm squashfs-4.6.1-150300.3.3.1.x86_64.rpm squashfs-4.6.1-150300.3.3.1.s390x.rpm squashfs-4.6.1-150300.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4525 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - Update to samba 4.17.12 - Some filenames can cause assert to fail in openat_pathref_fsp_nosymlink - reply_sesssetup_and_X() can dereference uninitialized tmp pointer - Missing return in reply_exit_done() - TREE_CONNECT without SETUP causes smbd to use uninitialized pointer - Improve GetNChanges to address synchronization tool looping during the initial user sync phase - Samba replication logs show (null) DN - Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination - Spotlight results return wrong date in result list - Delays at reconnect with smb2_validate_sequence_number: bad message_id 2 - samba-tool ntacl get segfault if aio_pthread appended - DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed - File doesn't show when user doesn't have permission if aio_pthread is loaded - net ads lookup with unspecified realm fails - Regression DFS not working with widelinks = true (bsc#1213607); - ctdb_killtcp fails to work with --enable-pcap and libpcap 1.9.1 - mdssvc: Do an early talloc_free() in _mdssvc_open() - Windows client join fails if a second container CN=System exists somewhere - Fix crossing automounter mount points (bsc#1215212) samba-4.17.12+git.427.2619dc0bed-150500.3.14.1.src.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.x86_64.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.s390x.rpm samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4440 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231113-150200.32.1.src.rpm ucode-intel-20231113-150200.32.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4370 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for tiff fixes the following issues: - CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). - CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). - CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). - CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). - CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881) - CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). - CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). - CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535). - CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883). libtiff5-4.0.9-150000.45.32.1.x86_64.rpm tiff-4.0.9-150000.45.32.1.src.rpm libtiff5-4.0.9-150000.45.32.1.s390x.rpm libtiff5-4.0.9-150000.45.32.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4446 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-vm-tools fixes the following issues: - Update to 12.3.5 (bsc#1216670) libvmtools0-12.3.5-150300.46.1.x86_64.rpm open-vm-tools-12.3.5-150300.46.1.src.rpm open-vm-tools-12.3.5-150300.46.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4343 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863) - CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592) The following non-security bugs were fixed: - 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes). - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes). - ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes). - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek - Fixed two speaker platform (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes). - ALSA: hda/realtek: Change model for Intel RVP board (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes). - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes). - ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes). - ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes). - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes). - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes). - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes). - ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes). - ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes). - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes). - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes). - ASoC: pxa: fix a memory leak in probe() (git-fixes). - Bluetooth: Avoid redundant authentication (git-fixes). - Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes). - Bluetooth: ISO: Fix handling of listen for unicast (git-fixes). - Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes). - Bluetooth: avoid memcmp() out of bounds warning (git-fixes). - Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes). - Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes). - Bluetooth: hci_event: Fix coding style (git-fixes). - Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes). - Bluetooth: hci_event: Ignore NULL link key (git-fixes). - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes). - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes). - Bluetooth: vhci: Fix race when opening vhci device (git-fixes). - Documentation: qat: change kernel version (PED-6401). - Documentation: qat: rewrite description (PED-6401). - Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes). - Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes). - Fix metadata references - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes). - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes). - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes). - HID: sony: Fix a potential memory leak in sony_probe() (git-fixes). - HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes). - IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes). - Input: powermate - fix use-after-free in powermate_config_complete (git-fixes). - Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes). - Input: xpad - add PXN V900 support (git-fixes). - KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes). - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes). - KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512). - KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes). - KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772). - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772). - KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - NFS: Fix O_DIRECT locking issues (bsc#1211162). - NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - NFS: Fix a potential data corruption (bsc#1211162). - NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162). - NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545). - RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes) - RDMA/core: Require admin capabilities to set system parameters (git-fixes) - RDMA/cxgb4: Check skb value for failure to allocate (git-fixes) - RDMA/mlx5: Fix NULL string error (git-fixes) - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes) - RDMA/siw: Fix connection failure handling (git-fixes) - RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes) - RDMA/uverbs: Fix typo of sizeof argument (git-fixes) - Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" (git-fixes). - Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes). - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes). - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes). - USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes). - arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921) - ata: libata-core: Do not register PM operations for SAS ports (git-fixes). - ata: libata-core: Fix ata_port_request_pm() locking (git-fixes). - ata: libata-core: Fix port and device removal (git-fixes). - ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes). - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes). - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062). - blk-cgroup: support to track if policy is online (bsc#1216062). - bonding: Fix extraction of ports from the packet headers (bsc#1214754). - bonding: Return pointer to data after pull on skb (bsc#1214754). - bonding: do not assume skb mac_header is set (bsc#1214754). - bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes). - bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes). - bpf: Add override check to kprobe multi link attach (git-fixes). - bpf: Add zero_map_value to zero map value with special fields (git-fixes). - bpf: Cleanup check_refcount_ok (git-fixes). - bpf: Fix max stack depth check for async callbacks (git-fixes). - bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes). - bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes). - bpf: Fix resetting logic for unreferenced kptrs (git-fixes). - bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes). - bpf: Gate dynptr API behind CAP_BPF (git-fixes). - bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes). - bpf: Repeat check_max_stack_depth for async callbacks (git-fixes). - bpf: Tighten ptr_to_btf_id checks (git-fixes). - bpf: fix precision propagation verbose logging (git-fixes). - bpf: prevent decl_tag from being referenced in func_proto (git-fixes). - bpf: propagate precision across all frames, not just the last one (git-fixes). - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - btf: Export bpf_dynptr definition (git-fixes). - btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874). - bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes). - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes). - ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880). - ceph: add encryption support to writepage and writepages (jsc#SES-1880). - ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880). - ceph: add helpers for converting names for userland presentation (jsc#SES-1880). - ceph: add infrastructure for file encryption and decryption (jsc#SES-1880). - ceph: add new mount option to enable sparse reads (jsc#SES-1880). - ceph: add object version support for sync read (jsc#SES-1880). - ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880). - ceph: add some fscrypt guardrails (jsc#SES-1880). - ceph: add support for encrypted snapshot names (jsc#SES-1880). - ceph: add support to readdir for encrypted names (jsc#SES-1880). - ceph: add truncate size handling support for fscrypt (jsc#SES-1880). - ceph: align data in pages in ceph_sync_write (jsc#SES-1880). - ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880). - ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880). - ceph: decode alternate_name in lease info (jsc#SES-1880). - ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880). - ceph: drop messages from MDS when unmounting (jsc#SES-1880). - ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322). - ceph: fix type promotion bug on 32bit systems (bsc#1216324). - ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880). - ceph: fscrypt_auth handling for ceph (jsc#SES-1880). - ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880). - ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880). - ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880). - ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880). - ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880). - ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880). - ceph: make ioctl cmds more readable in debug log (jsc#SES-1880). - ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880). - ceph: mark directory as non-complete after loading key (jsc#SES-1880). - ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880). - ceph: plumb in decryption during reads (jsc#SES-1880). - ceph: preallocate inode for ops that may create one (jsc#SES-1880). - ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880). - ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333). - ceph: send alternate_name in MClientRequest (jsc#SES-1880). - ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880). - ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880). - ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880). - ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880). - ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880). - ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955). - cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307). - clk: tegra: fix error return case for recalc_rate (git-fixes). - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes). - crypto: qat - Include algapi.h for low-level Crypto API (PED-6401). - crypto: qat - Remove unused function declarations (PED-6401). - crypto: qat - add fw_counters debugfs file (PED-6401). - crypto: qat - add heartbeat counters check (PED-6401). - crypto: qat - add heartbeat feature (PED-6401). - crypto: qat - add internal timer for qat 4xxx (PED-6401). - crypto: qat - add measure clock frequency (PED-6401). - crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401). - crypto: qat - add qat_zlib_deflate (PED-6401). - crypto: qat - add support for 402xx devices (PED-6401). - crypto: qat - change value of default idle filter (PED-6401). - crypto: qat - delay sysfs initialization (PED-6401). - crypto: qat - do not export adf_init_admin_pm() (PED-6401). - crypto: qat - drop log level of msg in get_instance_node() (PED-6401). - crypto: qat - drop obsolete heartbeat interface (PED-6401). - crypto: qat - drop redundant adf_enable_aer() (PED-6401). - crypto: qat - expose pm_idle_enabled through sysfs (PED-6401). - crypto: qat - extend buffer list logic interface (PED-6401). - crypto: qat - extend configuration for 4xxx (PED-6401). - crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401). - crypto: qat - fix concurrency issue when device state changes (PED-6401). - crypto: qat - fix crypto capability detection for 4xxx (PED-6401). - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401). - crypto: qat - make fw images name constant (PED-6401). - crypto: qat - make state machine functions static (PED-6401). - crypto: qat - move dbgfs init to separate file (PED-6401). - crypto: qat - move returns to default case (PED-6401). - crypto: qat - refactor device restart logic (PED-6401). - crypto: qat - refactor fw config logic for 4xxx (PED-6401). - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401). - crypto: qat - replace state machine calls (PED-6401). - crypto: qat - replace the if statement with min() (PED-6401). - crypto: qat - set deprecated capabilities as reserved (PED-6401). - crypto: qat - unmap buffer before free for DH (PED-6401). - crypto: qat - unmap buffers before free for RSA (PED-6401). - crypto: qat - update slice mask for 4xxx devices (PED-6401). - crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401). - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes). - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes). - dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes). - drm/amd/display: Do not check registers, if using AUX BL control (git-fixes). - drm/amd/display: Do not set dpms_off for seamless boot (git-fixes). - drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes). - drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes). - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes). - drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes). - drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes). - drm/amdgpu: add missing NULL check (git-fixes). - drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes). - drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes). - drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes). - drm/atomic-helper: relax unregistered connector check (git-fixes). - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes). - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes). - drm/i915: Retry gtt fault when out of fence registers (git-fixes). - drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes). - drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes). - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes). - drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes). - drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes). - drm/vmwgfx: fix typo of sizeof argument (git-fixes). - drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes). - firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes). - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes). - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes). - fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880). - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes). - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes). - gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes). - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes). - gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes). - gpio: vf610: set value before the direction to avoid a glitch (git-fixes). - gve: Do not fully free QPL pages on prefill errors (git-fixes). - i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes). - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes). - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes). - i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes). - i2c: mux: gpio: Replace custom acpi_get_local_address() (git-fixes). - i2c: npcm7xx: Fix callback completion ordering (git-fixes). - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes). - iio: pressure: bmp280: Fix NULL pointer exception (git-fixes). - iio: pressure: dps310: Adjust Timeout Settings (git-fixes). - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes). - intel x86 platform vsec kABI workaround (bsc#1216202). - io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes). - io_uring/rw: defer fsnotify calls to task context (git-fixes). - io_uring/rw: ensure kiocb_end_write() is always called (git-fixes). - io_uring/rw: remove leftover debug statement (git-fixes). - io_uring: Replace 0-length array with flexible array (git-fixes). - io_uring: ensure REQ_F_ISREG is set async offload (git-fixes). - io_uring: fix fdinfo sqe offsets calculation (git-fixes). - io_uring: fix memory leak when removing provided buffers (git-fixes). - iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423). - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423). - iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921) - kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes). - kabi: blkcg_policy_data fix KABI (bsc#1216062). - kabi: workaround for enum nft_trans_phase (bsc#1215104). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes). - libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880). - libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880). - libceph: add sparse read support to OSD client (jsc#SES-1880). - libceph: add sparse read support to msgr1 (jsc#SES-1880). - libceph: add spinlock around osd->o_requests (jsc#SES-1880). - libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880). - libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880). - libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880). - libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880). - libceph: use kernel_connect() (bsc#1216323). - mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705). - mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes). - mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes). - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes). - mtd: physmap-core: Restore map_rom fallback (git-fixes). - mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes). - mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes). - mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes). - mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes). - mtd: spinand: micron: correct bitmask for ecc status (git-fixes). - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes). - net: mana: Fix TX CQE error handling (bsc#1215986). - net: mana: Fix oversized sge0 for GSO packets (bsc#1215986). - net: nfc: llcp: Add lock when modifying device list (git-fixes). - net: rfkill: gpio: prevent value glitch during probe (git-fixes). - net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345). - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes). - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes). - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes). - net: use sk_is_tcp() in more places (git-fixes). - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes). - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes). - nfc: nci: assert requested protocol is valid (git-fixes). - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes). - phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes). - phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes). - pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes). - pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes). - platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes). - platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202). - platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202). - platform/x86/intel/vsec: Rework early hardware code (bsc#1216202). - platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202). - platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202). - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes). - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes). - platform/x86: think-lmi: Fix reference leak (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes). - power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes). - r8152: check budget for r8152_poll() (git-fixes). - regmap: fix NULL deref on lookup (git-fixes). - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes). - remove unnecessary WARN_ON_ONCE() (bsc#1214823). - ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes). - ring-buffer: Do not attempt to read past "commit" (git-fixes). - ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes). - ring-buffer: Update "shortest_full" in polling (git-fixes). - s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510). - s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511). - s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957). - sched/cpuset: Bring back cpuset_mutex (bsc#1215955). - sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)). - sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)). - sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)). - scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes). - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes). - scsi: iscsi: Add length check for nlattr payload (git-fixes). - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes). - scsi: iscsi_tcp: restrict to TCP sockets (git-fixes). - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes). - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes). - scsi: pm8001: Setup IRQs on resume (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes). - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes). - selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes). - selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes). - selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes). - selftests/bpf: Clean up sys_nanosleep uses (git-fixes). - serial: 8250_port: Check IRQ data before use (git-fixes). - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes). - spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes). - spi: stm32: add a delay before SPI disable (git-fixes). - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes). - spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes). - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes). - thunderbolt: Restart XDomain discovery handshake after failure (git-fixes). - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes). - tracing: Have current_trace inc the trace array ref count (git-fixes). - tracing: Have event inject files inc the trace array ref count (git-fixes). - tracing: Have option files inc the trace array ref count (git-fixes). - tracing: Have tracing_max_latency inc the trace array ref count (git-fixes). - tracing: Increase trace array ref count on enable and filter files (git-fixes). - tracing: Make trace_marker{,_raw} stream-like (git-fixes). - usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes). - usb: dwc3: Soft reset phy on probe for host (git-fixes). - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes). - usb: musb: Modify the "HWVers" register address (git-fixes). - usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes). - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes). - vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes). - vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes). - watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes). - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes). - wifi: cfg80211: Fix 6GHz scan configuration (git-fixes). - wifi: cfg80211: avoid leaking stack data into trace (git-fixes). - wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes). - wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes). - wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes). - wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes). - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes). - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes). - wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes). - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes). - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772). - x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772). - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772). - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772). - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772). - x86/cpu: Support AMD Automatic IBRS (bsc#1213772). - x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696). - x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649). - x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649). - x86/sev: Disable MMIO emulation from user mode (bsc#1212649). - xen-netback: use default TX queue size for vifs (git-fixes). - xhci: Keep interrupt disabled in initialization until host is running (git-fixes). kernel-rt-5.14.21-150500.13.24.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.24.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4759 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for open-iscsi fixes the following issue: - Upgrade to upstream version 2.1.9 (bsc#1210514) with tag "2.1.9-suse" (bsc#1210514) * replacing open-iscsi-2.1.8-suse.tar.bz2 with open-iscsi-2.1.9-suse.tar.bz2 * several fixes to harden iscsiuio (v0.7.8.8), including: - logging now uses syslog - shutdown now waits for helper threads to complete - netlink socket cleanup * some minor bug fixes, some helping builds on musl iscsiuio-0.7.8.8-150500.46.3.1.x86_64.rpm libopeniscsiusr0-0.2.0-150500.46.3.1.x86_64.rpm open-iscsi-2.1.9-150500.46.3.1.src.rpm open-iscsi-2.1.9-150500.46.3.1.x86_64.rpm iscsiuio-0.7.8.8-150500.46.3.1.s390x.rpm libopeniscsiusr0-0.2.0-150500.46.3.1.s390x.rpm open-iscsi-2.1.9-150500.46.3.1.s390x.rpm iscsiuio-0.7.8.8-150500.46.3.1.aarch64.rpm libopeniscsiusr0-0.2.0-150500.46.3.1.aarch64.rpm open-iscsi-2.1.9-150500.46.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4478 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for grub2 fixes the following issues: - Fix failure to identify recent ext4 filesystem (bsc#1216010) - Fix reading files from btrfs with "implicit" holes - Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253) - Fix detection of encrypted disk's uuid in powerpc (bsc#1216075) grub2-2.06-150500.29.11.1.src.rpm grub2-2.06-150500.29.11.1.x86_64.rpm grub2-i386-pc-2.06-150500.29.11.1.noarch.rpm grub2-snapper-plugin-2.06-150500.29.11.1.noarch.rpm grub2-x86_64-efi-2.06-150500.29.11.1.noarch.rpm grub2-x86_64-xen-2.06-150500.29.11.1.noarch.rpm grub2-2.06-150500.29.11.1.s390x.rpm grub2-s390x-emu-2.06-150500.29.11.1.s390x.rpm grub2-2.06-150500.29.11.1.aarch64.rpm grub2-arm64-efi-2.06-150500.29.11.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4427 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issue fixed: - CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 535.129.03 - update firmware to version 535.113.01 Changes in nvidia-open-driver-G06-signed: - Update to version 535.129.03 - Add a devel package so other modules can be built against this one. [jira#PED-4964] - disabled build of nvidia-peermem module; it's no longer needed and never worked anyway (it was only a stub) [bsc#1211892] - preamble: added conflict to nvidia-gfxG05-kmp to prevent users from accidently installing conflicting proprietary kernelspace drivers from CUDA repository - Update to version 535.113.01 - kmp-post.sh/kmp-postun.sh: * add/remove nosimplefb=1 kernel option in order to fix Linux console also on sle15-sp6/Leap 15.6 kernel, which will come with simpledrm support kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.x86_64.rpm nvidia-open-driver-G06-signed-535.129.03-150500.3.13.1.src.rpm nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.x86_64.rpm kernel-firmware-nvidia-gspx-G06-535.129.03-150500.11.9.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-535.129.03_k5.14.21_150500.55.31-150500.3.13.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4456 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for selinux-policy fixes the following issues: - Update to version 20230511+git9.1b35a6ab - Allow keepalived to manage its tmp files (bsc#1216060) selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm selinux-policy-20230511+git9.1b35a6ab-150500.3.3.1.src.rpm selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.3.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4457 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for nvme-cli fixes the following issues: - Update to version 2.4+31.gf7ec09: * NetApp udev rule updates (bsc#1215994) * Connection reuse issue when multiple Host NQNs are used for the same host (bsc#1213768) nvme-cli-2.4+31.gf7ec09-150500.4.12.1.src.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.x86_64.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.s390x.rpm nvme-cli-2.4+31.gf7ec09-150500.4.12.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4458 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the "Development Tools" module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install "gcc13" or "gcc13-c++" or one of the other "gcc13-COMPILER" frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. gcc13-13.2.1+git7813-150000.1.6.1.src.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.x86_64.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.x86_64.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.s390x.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.s390x.rpm libgcc_s1-13.2.1+git7813-150000.1.6.1.aarch64.rpm libstdc++6-13.2.1+git7813-150000.1.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4475 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for xen fixes the following issues: - CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747). - CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746). - CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748). - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). - Upstream bug fixes (bsc#1027519) xen-4.17.2_08-150500.3.15.1.src.rpm True xen-libs-4.17.2_08-150500.3.15.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4703 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for dracut fixes the following issues: - Update to version 055+suse.375.g1167ed75 - Fix network device naming in udev-rules (bsc#1192986) dracut-055+suse.375.g1167ed75-150500.3.15.1.src.rpm dracut-055+suse.375.g1167ed75-150500.3.15.1.x86_64.rpm dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.x86_64.rpm dracut-055+suse.375.g1167ed75-150500.3.15.1.s390x.rpm dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.s390x.rpm dracut-055+suse.375.g1167ed75-150500.3.15.1.aarch64.rpm dracut-fips-055+suse.375.g1167ed75-150500.3.15.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4504 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). libxml2-2-2.10.3-150500.5.11.1.x86_64.rpm libxml2-2.10.3-150500.5.11.1.src.rpm libxml2-python-2.10.3-150500.5.11.1.src.rpm libxml2-tools-2.10.3-150500.5.11.1.x86_64.rpm python3-libxml2-2.10.3-150500.5.11.1.x86_64.rpm libxml2-2-2.10.3-150500.5.11.1.s390x.rpm libxml2-tools-2.10.3-150500.5.11.1.s390x.rpm python3-libxml2-2.10.3-150500.5.11.1.s390x.rpm libxml2-2-2.10.3-150500.5.11.1.aarch64.rpm libxml2-tools-2.10.3-150500.5.11.1.aarch64.rpm python3-libxml2-2.10.3-150500.5.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4723 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) libtirpc-1.3.4-150300.3.23.1.src.rpm libtirpc-netconfig-1.3.4-150300.3.23.1.x86_64.rpm libtirpc3-1.3.4-150300.3.23.1.x86_64.rpm libtirpc-netconfig-1.3.4-150300.3.23.1.s390x.rpm libtirpc3-1.3.4-150300.3.23.1.s390x.rpm libtirpc-netconfig-1.3.4-150300.3.23.1.aarch64.rpm libtirpc3-1.3.4-150300.3.23.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4620 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) libhugetlbfs-2.20-150000.3.8.1.src.rpm libhugetlbfs-2.20-150000.3.8.1.x86_64.rpm libhugetlbfs-2.20-150000.3.8.1.s390x.rpm libhugetlbfs-2.20-150000.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4642 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Changes in kernel-firmware-nvidia-gspx-G06: - update firmware to version 545.29.02 Changes in nvidia-open-driver-G06-signed: - Update to 545.29.02 - added fbdev=1 option for nvidia-drm module, which gives us a proper framebuffer console now ... - nosimplefb kernel option no longer needed with usage of nvidia-drm's fbdev=1 option - nvidia's NVreg_OpenRmEnableUnsupportedGpus=1 option no longer needed; GeForce and Workstation GPUs now officially supported - support added for H100/H800 GPUs (Hopper) - no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981, comment#26) - use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981, comment#23) kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.x86_64.rpm nvidia-open-driver-G06-signed-545.29.02-150500.3.18.1.src.rpm nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1.x86_64.rpm kernel-firmware-nvidia-gspx-G06-545.29.02-150500.11.12.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-545.29.02_k5.14.21_150500.55.36-150500.3.18.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4517 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). python3-setuptools-44.1.1-150400.9.6.1.noarch.rpm python3-setuptools-44.1.1-150400.9.6.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4518 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). libopenssl-1_1-devel-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl1_1-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.x86_64.rpm openssl-1_1-1.1.1l-150500.17.22.1.src.rpm openssl-1_1-1.1.1l-150500.17.22.1.x86_64.rpm libopenssl-1_1-devel-1.1.1l-150500.17.22.1.s390x.rpm libopenssl1_1-1.1.1l-150500.17.22.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.s390x.rpm openssl-1_1-1.1.1l-150500.17.22.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150500.17.22.1.aarch64.rpm libopenssl1_1-1.1.1l-150500.17.22.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.22.1.aarch64.rpm openssl-1_1-1.1.1l-150500.17.22.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4500 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for ucode-intel fixes the following issues: - Updated to Intel CPU Microcode 20231114 release. (bsc#1215278) - CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278) ucode-intel-20231114-150200.35.1.src.rpm ucode-intel-20231114-150200.35.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4550 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for fdo-client fixes the following issues: - Removed build key via utils/keys_gen.sh. (bsc#1216293) fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.src.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.x86_64.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.s390x.rpm fdo-client-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm fdo-client-devel-1.0.0+git20210816.baa09b5-150500.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4672 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc suse-build-key-12.0-150000.8.37.1.noarch.rpm suse-build-key-12.0-150000.8.37.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4619 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). libsqlite3-0-3.44.0-150000.3.23.1.x86_64.rpm sqlite3-3.44.0-150000.3.23.1.src.rpm sqlite3-tcl-3.44.0-150000.3.23.1.x86_64.rpm libsqlite3-0-3.44.0-150000.3.23.1.s390x.rpm sqlite3-tcl-3.44.0-150000.3.23.1.s390x.rpm libsqlite3-0-3.44.0-150000.3.23.1.aarch64.rpm sqlite3-tcl-3.44.0-150000.3.23.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4557 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for vim fixes the following issues: Updated to version 9.0 with patch level 2103, fixes the following security problems * CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696) * CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922) * CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924) * CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925) * CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004) * CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006) * CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033) vim-9.0.2103-150500.20.6.1.src.rpm vim-data-common-9.0.2103-150500.20.6.1.noarch.rpm vim-small-9.0.2103-150500.20.6.1.x86_64.rpm vim-small-9.0.2103-150500.20.6.1.s390x.rpm vim-small-9.0.2103-150500.20.6.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4699 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) gpg2-2.2.27-150300.3.8.1.src.rpm gpg2-2.2.27-150300.3.8.1.x86_64.rpm gpg2-2.2.27-150300.3.8.1.s390x.rpm gpg2-2.2.27-150300.3.8.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4628 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for podman fixes the following issues: This update ships podman version 4.7.2: * WSL: Fixed podman compose command. * Fixed a bug in podman compose to try all configured providers before throwing an error (#20502). * Mask /sys/devices/virtual/powercap ( GHSA-jq35-85cj-fj4p) - podman-docker: Provides docker to avoid conflicts when using podman with docker-compose (bsc#1215926) - Update to version 4.7.1: * Bugfixes * Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209). * Fixed a regression in --env-file handling (#19565). * Fixed a bug where podman inspect would fail when stat'ing a device failed. * API * The network list compat API endpoint is now much faster (#20035). - Build against latest stable Go version (bsc#1215807) - Update to version 4.7.0: * Security * Now the io.containers.capabilities LABEL in an image can be an empty string. * Features * New command set: podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures. * New command: podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose. * FreeBSD: podman run --device is now supported. * Linux: Add a new --module flag for Podman. * Podmansh: Timeout is now configurable using the podmansh_timeout option in containers.conf. * SELinux: Add support for confined users to create containers but restrict them from creating privileged containers. * WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#15190). * WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance. * The podman build command now supports two new options: --layer-label and --cw. * The podman kube generate command now supports generation of k8s DaemonSet kind (#18899). * The podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061). * The podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#19881). * The podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes. * The podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible. * An infra name annotation io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#18312). * The syntax of --uidmap and --gidmap has been extended to lookup the parent user namespace and to extend default mappings (#18333). * The podman kube commands now support the List kind (#19052). * The podman kube play command now supports environment variables in kube.yaml (#15983). * The podman push and podman manifest push commands now support the --force-compression optionto prevent reusing other blobs (#18860). * The podman manifest push command now supports --add-compression to push with compressed variants. * The podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set. * The podman run and podman create --mount commands now support the ramfs type (#19659). * When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image. * The --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address. * The podman generate systemd command is deprecated. Use Quadlet for running containers and pods under systemd. * The podman secret rm command now supports an --ignore option. * The --env-file option now supports multiline variables (#18724). * The --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937). * The Podman --mount option now supports bind mounts passed as globs. * The --mount option can now be specified in containers.conf using the mounts field. * The podman stats now has an --all option to get all containers stats (#19252). * There is now a new --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#6160). * Temporary files created when dealing with images in /var/tmp will automatically be cleaned up on reboot. * There is now a new filter option since for podman volume ls and podman volume prune (#19228). * The podman inspect command now has tab-completion support (#18672). * The podman kube play command now has support for the use of reserved annotations in the generated YAML. * The progress bar is now displayed when decompressing a Podman machine image (#19240). * The podman secret inspect command supports a new option --showsecret which will output the actual secret. * The podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers. * The podman login command can now read the secret for a registry from its secret database created with podman secret create (#18667). * The remote Podman client’s podman play kube command now works with the --userns option (#17392). * Changes * The /tmp and /var/tmp inside of a podman kube play will no longer be noexec. * The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#19848). * The podman kube play has been improved to only pull a newer image for the "latest" tag (#19801). * Pulling from an oci transport will use the optional name for naming the image. * The podman info command will always display the existence of the Podman socket. * The echo server example in socket_activation.md has been rewritten to use quadlet instead of podman generate systemd. * Kubernetes support table documentation correctly show volumes support. * The podman auto-update manpage and documentation has been updated and now includes references to Quadlet. * Quadlet * Quadlet now supports setting Ulimit values. * Quadlet now supports setting the PidsLimit option in a container. * Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#19884). * Quadlet now supports ShmSize option in unit files. * Quadlet now recursively calls in user directories for unit files. * Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177). * Quadlet now allows setting user-defined names for Volume and Network units via the VolumeName and NetworkName directives, respectively. * Kube quadlets can now support autoupdate. * Bugfixes * Fixed an issue where containers were being restarted after a podman kill. * Fixed a bug where events could report incorrect healthcheck results (#19237). * Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file. * Fixed a bug where pod cgroup limits were not being honored after a reboot (#19175). * Fixed a bug where podman rm -af could fail to remove containers under some circumstances (#18874). * Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#19829). * Fixed a bug where --hostuser was being parsed in base 8 instead of base 10 (#19800). * Fixed a bug where kube down would error when an object did not exist (#19711). * Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#19139). * Fixed a bug in podman exec to set umask to match the container it's execing into (#19713). * Fixed a bug where podman kube play failed to set a container's Umask to the default 0022. * Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#19554). * Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#272). * Fixed a bug where podman top would sometimes not print the full output (#19504). * Fixed a bug were podman logs --tail could return incorrect lines when the k8s-file logger is used (#19545). * Fixed a bug where podman stop did not ignore cidfile not existing when user specified --ignore flag (#19546). * Fixed a bug where a container with an image volume and an inheri... - Update to version 4.6.2: * Changes * Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement (#19467). * Bugfixes * Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#19671). * API * Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#17778). * Misc * Updated the containers/storage library to v1.48.1 - Update to version 4.6.1: * Quadlet * Quadlet now selects the first Quadlet file found when multiple Quadlets exist with the same name. * API * Fixed a bug in the container kill endpoint to correctly return 409 when a container is not running (#19368). * Misc * Updated Buildah to v1.31.2 * Updated the containers/common library to v0.55.3 - Recommend gvisor-tap-vsock, required for `podmand machine` - Update to version 4.6.0: * Features * The podman manifest inspect command now supports the --authfile option, for authentication purposes. * The podman wait command now supports --condition={healthy,unhealthy}, allowing waits on successful health checks. * The podman push command now supports a new option, --compression-level, which specifies the compression level to use (#18939). * The podman machine start command, when run with --log-level=debug, now creates a console window to display the virtual machine while booting. * Podman now supports a new option, --imagestore, which allows images to be stored in a different directory than the graphroot. * The --ip-range option to the podman network create command now accepts a new syntax, <startIP>-<endIP>, which allows more flexibility when limiting the ip range that Podman assigns. * [Tech Preview] A new command, podmansh, has been added, which executes a user shell within a container when the user logs into the system. The container that the users get added to can be defined via a Podman Quadlet file. This feature is currently a Tech Preview which means it's ready for users to try out but changes can be expected in upcoming versions. * The podman network create command supports a new --option, bclim, for the macvlan driver. * The podman network create command now supports adding static routes using the --route option. * The podman network create command supports a new --option, no_default_route for all drivers. * The podman info command now prints network information about the binary path, package version, program version and DNS information (#18443). * The podman info command now displays the number of free locks available, helping to debug lock exhaustion scenarios. * The podman info command now outputs information about pasta, if it exists in helper_binaries_dir or $PATH. * The remote Podman client’s podman build command now accepts Containerfiles that are not in the context directory (#18239). * The remote Podman client’s podman play kube command now supports the --configmap option (#17513). * The podman kube play command now supports multi-doc YAML files for configmap arguments. (#18537). * The podman pod create command now supports a new flag, --restart, which sets the restart policy for all the containers in a pod. * The --format={{.Restarts}} option to the podman ps command now shows the number of times a container has been restarted based on its restart policy. * The --format={{.Restarts}} option to the podman pod ps command now shows the total number of container restarts in a pod. * The podman machine provider can now be specified via the CONTAINERS_MACHINE_PROVIDER environment variable, as well as via the provider field in containers.conf (#17116). * A default list of pasta arguments can now be set in containers.conf via pasta_options. * The podman machine init and podman machine set commands now support a new option, --user-mode-networking, which improves interops with VPN configs that drop traffic from WSL networking, on Windows. * The remote Podman client’s podman push command now supports the --digestfile option (#18216). * Podman now supports a new option, --out, that allows redirection or suppression of STDOUT (#18120). * Changes * When looking up an image by digest, the entire repository of the specified value is now considered. This aligns with Docker's behavior since v20.10.20. Previously, both the repository and the tag was ignored and Podman looked for an image with only a matching digest. Ignoring the name, repository, and tag of the specified value can lead to security issues and is considered harmful. * The podman system service command now emits a warning when binding to a TCP socket. This is not a secure configuration and the Podman team recommends against using it. * The podman top command no longer depends on ps(1) being present in the container image and now uses the one from the host (#19001). * The --filter id=xxx option will now treat xxx as a CID prefix, and not as a regular expression (#18471). * The --filter option now requires multiple --filter flags to specify multiple filters. It will no longer support the comma syntax (--filter label=a,label=b). * The slirp4netns binary for will now be searched for in paths specified by the helper_binaries_dir option in containers.conf (#18239). * Podman machine now updates /run/docker.sock within the guest to be consistent with its rootless/rootful setting (#18480). * The podman system df command now counts files which podman generates for use with specific containers as part of the disk space used by those containers, and which can be reclaimed by removing those containers. It also counts space used by files it associates with specific images and volumes as being used by those images and volumes. * The podman build command now returns a clearer error message when the Containerfile cannot be found. (#16354). * Containers created with --pid=host will no longer print errors on podman stop (#18460). * The podman manifest push command no longer requires a destination to be specified. If a destination is not provided, the source is used as the destination (#18360). * The podman system reset command now warns the user that the graphroot and runroot directories will be deleted (#18349), (#18295). * The package and package-install targets in Makefile have now been fixed and also renamed to rpm and rpm-install respectively for clarity (#18817). * Quadlet * Quadlet now exits with a non-zero exit code when errors are found (#18778). * Rootless podman quadlet files can now be installed in /etc/containers/systemd/users directory. * Quadlet now supports the AutoUpdate option. * Quadlet now supports the Mask and Unmask options. * Quadlet now supports the WorkingDir option, which specifies the default working dir in a container. * Quadlet now supports the Sysctl option, which sets namespaced kernel parameters for containers (#18727). * Quadlet now supports the SecurityLabelNetsted=true option, which allows nested SELinux containers. * Quadlet now supports the Pull option in .container files (#18779). * Quadlet now supports the ExitCode field in .kube files, which reflects the exit codes of failed containers. * Quadlet now supports PodmanArgs field. * Quadlet now supports the HostName field, which sets the container's host name, in .container files (#18486). * Bugfixes * Fixed a bug where the podman machine start command would fail with a 255 exit code. It now waits for systemd-user sessions to be up, and for SSH to be ready, addressing the flaky machine starts (#17403). * Fixed a bug where the podman auto update command did not correctly use authentication files when contacting container registries. * Fixed a bug where --label option to the podman volume ls command would return volumes that matched any of the filters, not all of them (#19219). * Fixed a bug where the podman kube play command did not recognize containerPort names inside Kubernetes liveness probes. Now, liveness probes support both containerPort names as well as port numbers (#18645). * Fixed a bug where the --dns option to the podman run command was ignored for macvlan networks (#19169). * Fixed a bug in the podman system service command where setting LISTEN_FDS when listening on TCP would misbehave. * Fixed a bug where hostnames were not recognized as a network alias. Containers can now resolve other hostnames, in addition to their names (#17370). * Fixed a bug where the podman pod run command would error after a reboot on a non-systemd system (#19175). * Fixed a bug where the --syslog option returned a fatal error when no syslog server was found (#19075). * Fixed a bug where the --mount option would parse the readonly option incorrectly (#18995). * Fixed a bug where hook executables invoked by the podman run command set an incorrect working directory. It now sets the correct working directory pointing to the container bundle directory (#18907). * Fixed a bug where the -device-cgroup-rule option was silently ignored in rootless mode ([#18698](https://github.com/containers/podman/issu... - Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path. - Prefer Podman's new network stack (netavark) exclusively on ALP - Remove unused podman-cni-config subpackage, add systemd - Update to version 4.5.1: * Security * Do not include image annotations when building spec. These annotations can have security implications - crun, for example, allows rootless containers to preserve the user's groups through an annotation. * Quadlet * Fixed a bug in quadlet to recognize the systemd optional prefix '-'. * Bugfixes * Fixed a bug where fully resolving symlink paths included the version number, breaking the path to homebrew-installed qemu files (#18111). * Fixed a bug where Podman was splitting the filter map slightly differently compared to Docker (#18092). * Fixed a bug where running make package did not work on RHEL 8 environments (#18421). * Fixed a bug to allow comma separated dns server IP addresses in podman network create --dns and podman network update --dns-add/--dns-drop (#18663). * Fixed a bug to correctly stop containers created with --restart=always in all cases (#18259). * Fixed a bug in podman-remote logs to correctly display errors reported by the server. * Fixed a bug to correctly tear down the network stack again when an error happened during the setup. * Fixed a bug in the remote API exec inspect call to correctly display updated information, e.g. when the exec process died (#18424). * Fixed a bug so that podman save on windows can now write to stdout by default (#18147). * Fixed a bug where podman machine rm with the qemu backend now correctly removes the machine connection after the confirmation message not before (#18330). * Fixed a problem where podman machine connections would try to connect to the ipv6 localhost ipv6 (::1) (#16470). * API * Fixed a bug in the compat container create endpoint which could result in a "duplicate mount destination" error when the volume path was not "clean", e.g. included a final slash at the end. (#18454). * The compat API now correctly accepts a tag in the images/create?fromSrc endpoint (#18597). - Update to version 4.5.0: * Features * The podman kube play command now supports the hostIPC field (#17157). * The podman kube play command now supports a new flag, --wait, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#14522). * The podman kube generate and podman kube play commands now support SELinux filetype labels. * The podman kube play command now supports sysctl options (#16711). * The podman kube generate command now supports generating the Deployments (#17712). * The podman machine inspect command now shows information about named pipe addresses on Windows (#16860). * The --userns=keep-id option for podman create, run, and kube play now works for root containers by copying the current mapping into a new user namespace (#17337). * A new command has been added, podman secret exists, to verify if a secret with the given name exists. * The podman kube generate and podman kube play commands now support ulimit annotations (#16404). * The podman create, run, pod create, and pod clone commands now support a new option, --shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#17037). * The podman create and run commands now support a new option, --group-entry which customizes the entry that is written to the /etc/group file within the container when the --user option is used (#14965). * The podman create and podman run commands now support a new option, --security-opt label=nested, which allows SELinux labeling within a confined container. * A new command, podman machine os apply has been added, which applies OS changes to a Podman machine, from an OCI image. * The podman search command now supports two new options: --cert-dir and --creds. * Defaults for the --cgroup-config option for podman create and podman run can now be set in containers.conf. * Podman now supports auto updates for containers running inside a pod (#17181). * Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the database_backend field in containers.conf. * Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers. podman network create -d <plugin> can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6. * DHCP with macvlan and the netavark backend is now supported. * Changes * Remote builds using the podman build command no longer allows .containerignore or .dockerignore files to be symlinks outside the build context. * The podman system reset command now clears build caches. * The podman play kube command now adds ctrName as an alias to the pod network (#16544). * The podman kube generate command no longer adds hostPort to the pod spec when generating service kinds. * Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#17727). * The SYS_CHROOT capability has been re-added to the default set of capabilities. * Listing large quantities of images with the podman images command has seen a significant performance improvement (#17828). * Quadlet * Quadlet now supports the Rootfs= option, allowing containers to be based on rootfs in addition to image. * Quadlet now supports the Secret key in the Container group. * Quadlet now supports the Logdriver key in .container and .kube units. * Quadlet now supports the Mount key in .container files (#17632). * Quadlet now supports specifying static IPv4 and IPv6 addresses in .container files via the IP= and IP6= options. * Quadlet now supports health check configuration in .container files. * Quadlet now supports relative paths in the Volume key in .container files (#17418). * Quadlet now supports setting the UID and GID options for --userns=keep-id (#17908). * Quadlet now supports adding tmpfs filesystems through the Tmpfs key in .container files (#17907). * Quadlet now supports the UserNS option in .container files, which will replace the existing RemapGid, RemapUid, RemapUidSize and RemapUsers options in a future release (#17984). * Quadlet now includes a --version option. * Quadlet now forbids specifying SELinux label types, including disabling selinux separation. * Quadlet now does not set log-driver by default. * Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#17906). * Bugfixes * Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#17341). * Fixed a bug in the podman image scp command to correctly use identity settings. * Fixed a bug in the remote Podman client's podman build command where building from stdin would fail. podman --remote build -f - now works correctly (#17495). * Fixed a bug in the podman volume prune command where exclusive (!=) filters would fail (#17051). * Fixed a bug in the --volume option in the podman create, run, pod create, and pod clone commands where specifying relative mappings or idmapped mounts would fail (#17517). * Fixed a bug in the podman kube play command where a secret would be created, but nothing would be printed on the terminal (#17071). * Fixed a bug in the podman kube down command where secrets were not removed. * Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems. * Fixed a bug where the podman inspect command did not properly list the network configuration of containers created with --net=none or --net=host (#17385). * Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels. * Fixed a bug where the podman checkpoint restore command could panic. * Fixed a bug in the podman events command where events could be returned more than once after a log file rotation (#17665). * Fixed a bug where errors from systemd when restarting units during a podman auto-update command were not reported. * Fixed a bug where containers created with the --health-on-failure=restart option were not restarting when the health state turned unhealthy (#17777). * Fixed a bug where containers using the slirp4netns network mode with the cidr option and a custom user namespace did not set proper DNS IPs in resolv.conf. * Fixed a bug where the podman auto-update command could fail to restart systemd units (#17607). * Fixed a bug where the podman play kube command did not properly handle secret.items in volumes (#17829). * Fixed a bug where the podman generate kube command could generate pods with invalid names and hostnames (#18054). * Fixed a bug where names of limits (such as RLIMIT_NOFILE) passed to the --ulimit option to podman create and podman run were case-sensitive (#18077). * Fixed a possible corruption issue with the configuration state of podman machine during system failures on Mac, Linux, and Windows. * API * The Compat Stats endpoint for Containers now returns the Id key as lowercase id to match Docker (#17869). * Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#17524). * Misc * The podman version command no longer joins the rootless user namespace (#17657). * The podman-events --stream option is no longer hidden and is now documented. * Updated Buildah to v1.30.0 * Updated the containers/storage library to v1.46.1 * Updated the containers/image library to v5.25.0 * Updated the containers/common library to v0.52.0 - Don't build against EoL go versions, fixes bsc#1210299 podman-4.7.2-150500.3.3.1.src.rpm podman-4.7.2-150500.3.3.1.x86_64.rpm podman-docker-4.7.2-150500.3.3.1.noarch.rpm podman-remote-4.7.2-150500.3.3.1.x86_64.rpm podmansh-4.7.2-150500.3.3.1.x86_64.rpm podman-4.7.2-150500.3.3.1.s390x.rpm podman-remote-4.7.2-150500.3.3.1.s390x.rpm podmansh-4.7.2-150500.3.3.1.s390x.rpm podman-4.7.2-150500.3.3.1.ppc64le.rpm podman-remote-4.7.2-150500.3.3.1.ppc64le.rpm podmansh-4.7.2-150500.3.3.1.ppc64le.rpm podman-4.7.2-150500.3.3.1.aarch64.rpm podman-remote-4.7.2-150500.3.3.1.aarch64.rpm podmansh-4.7.2-150500.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-88 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an "else" part sometimes leading to unsolved dependencies libsolv-0.7.27-150400.3.11.2.src.rpm True libsolv-tools-0.7.27-150400.3.11.2.x86_64.rpm True libzypp-17.31.27-150400.3.49.1.src.rpm True libzypp-17.31.27-150400.3.49.1.x86_64.rpm True zypper-1.14.68-150400.3.40.2.src.rpm True zypper-1.14.68-150400.3.40.2.x86_64.rpm True zypper-needs-restarting-1.14.68-150400.3.40.2.noarch.rpm True libsolv-tools-0.7.27-150400.3.11.2.s390x.rpm True libzypp-17.31.27-150400.3.49.1.s390x.rpm True zypper-1.14.68-150400.3.40.2.s390x.rpm True libsolv-tools-0.7.27-150400.3.11.2.aarch64.rpm True libzypp-17.31.27-150400.3.49.1.aarch64.rpm True zypper-1.14.68-150400.3.40.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4603 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for selinux-policy fixes the following issues: - Extend module list for targeted policy * timedatex * rrdcached * stratisd * ica (bsc#1215405) * fedoratp * stalld * rhcd * wireguard selinux-policy-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm selinux-policy-20230511+git9.1b35a6ab-150500.3.6.1.src.rpm selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.6.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4623 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). traceroute-2.0.21-150000.3.3.1.src.rpm traceroute-2.0.21-150000.3.3.1.x86_64.rpm traceroute-2.0.21-150000.3.3.1.s390x.rpm traceroute-2.0.21-150000.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4760 low SUSE Updates openSUSE-Leap-Micro 5.5 This optional update for llvm15 fixes the following issues: - Add missing LLVM 15 binary packages to Package Hub 15 SP5 (bsc#1217091) * clang15-devel * clang15-doc * libclang13 * llvm15 * llvm15-devel * llvm15-doc * llvm15-gold * llvm15-opt-viewer * llvm15-polly * llvm15-polly-devel * llvm15-vim-plugins * libomp15-devel * libLTO15 libLLVM15-15.0.7-150500.4.4.1.x86_64.rpm llvm15-15.0.7-150500.4.4.1.src.rpm libLLVM15-15.0.7-150500.4.4.1.s390x.rpm libLLVM15-15.0.7-150500.4.4.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4973 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). duktape-2.6.0-150500.4.2.1.src.rpm libduktape206-2.6.0-150500.4.2.1.x86_64.rpm libduktape206-2.6.0-150500.4.2.1.s390x.rpm libduktape206-2.6.0-150500.4.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4624 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Update to version 1.1.0 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0 Update to version 1.0.1 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1 kubevirt-1.1.0-150500.8.6.1.src.rpm kubevirt-manifests-1.1.0-150500.8.6.1.x86_64.rpm kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4652 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.58.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.0 containerized-data-importer-1.58.0-150500.6.6.1.src.rpm containerized-data-importer-manifests-1.58.0-150500.6.6.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4678 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for lvm2 fixes the following issues: Updated lvm2 from LVM2.2.03.16 to LVM2.2.03.22 (jsc#PED-6753,jsc#PED-6754): - Version 2.03.22: * Fixed issues with LVM filters no longer working with SUSE Linux Enterprise 15 Service Pack 5 (bsc#1216938) * Fixed pv_major/pv_minor report field types so they are integers, not strings. * Added `lvmdevices --delnotfound` to delete entries for missing devices. * Always use cachepool name for metadata backup LV for `lvconvert --repair`. * Make metadata backup LVs read-only after pool's `lvconvert --repair`. * Improve VDO and Thin support with lvmlockd. * Handle `lvextend --usepolicies` for pools for all activation variants. * Fixed memleak in vgchange autoactivation setup. * Update py-compile building script. * Support conversion from thick to fully provisioned thin LV. * Cache/Thin-pool can use error and zero volumes for testing. * Individual thin volume can be cached, but cannot take snapshot. * Better internal support for handling error and zero target (for testing). * Resize COW above trimmed maximal size is does not return error. * Support parsing of vdo geometry format version 4. * Added lvm.conf thin_restore and cache_restore settings. * Handle multiple mounts while resizing volume with a FS. * Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id. * Enhance lvm_import_vdo and use snapshot when converting VDO volume. * Fixed parsing of VDO metadata. * Fixed failing `-S|--select` for non-reporting cmds if using LV info/status fields. * Allow snapshots of raid+integrity LV. * Fixed multisegment RAID1 allocator to prevent using single disk for more legs. - Version 2.03.21: * Fixed activation of vdo-pool for with 0 length headers (converted pools). * Avoid printing internal init messages when creation integration devices. * Allow (write)cache over raid+integrity LV. - Version 2.03.20: * Fixed segfault if using `-S|--select` with log/report_command_log=1 setting. * Configure now fails when requested lvmlockd dependencies are missing. * Added some configure Gentoo enhancements for static builds. - Version 2.03.19: * Configure supports `--with-systemd-run` executed from udev rules. * Enhancement for build with MuslC systemd and non-bash system shells (dash). * Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices. * Ensure udev is processing origin LV before its thick snapshots LVs. * Fixed and improve runtime memory size detection for VDO volumes. - Version 2.03.18: * Fixed issues reported by coverity scan. * Fixed warning for thin pool overprovisioning on lvextend (2.03.17). * Added support for writecache metadata_only and pause_writeback settings. * Fixed missing error messages in lvmdbusd. - Version 2.03.17: * Added new options (`--fs, --fsmode`) for FS handling when resizing LVs. * Fixed `lvremove -S|--select LV` to not also remove its historical LV right away. * Fixed lv_active field type to binary so --select and --binary applies properly. * Switch to use mallinfo2 and use it only with glibc. * Error out in lvm shell if using a cmd argument not supported in the shell. * Fixed lvm shell's lastlog command to report previous pre-command failures. * Extend VDO and VDOPOOL without flushing and locking fs. * Added `--valuesonly` option to lvmconfig to print only values without keys. * Updates configure with recent autoconf tooling. * Fixed `lvconvert --test --type vdo-pool` execution. * Added json_std output format for more JSON standard compliant version of output. * Fixed vdo_slab_size_mb value for converted VDO volume. * Fixed many corner cases in device_id, including handling of S/N duplicates. * Fixed various issues in lvmdbusd. device-mapper-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.x86_64.rpm liblvm2cmd2_03-2.03.22-150500.7.9.1.x86_64.rpm lvm2-2.03.22-150500.7.9.1.src.rpm lvm2-2.03.22-150500.7.9.1.x86_64.rpm lvm2-device-mapper-2.03.22-150500.7.9.1.src.rpm device-mapper-2.03.22_1.02.196-150500.7.9.1.s390x.rpm libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.s390x.rpm libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.s390x.rpm liblvm2cmd2_03-2.03.22-150500.7.9.1.s390x.rpm lvm2-2.03.22-150500.7.9.1.s390x.rpm device-mapper-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm libdevmapper-event1_03-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1.aarch64.rpm liblvm2cmd2_03-2.03.22-150500.7.9.1.aarch64.rpm lvm2-2.03.22-150500.7.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4843 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). python3-cryptography-3.3.2-150400.23.1.src.rpm python3-cryptography-3.3.2-150400.23.1.x86_64.rpm python3-cryptography-3.3.2-150400.23.1.s390x.rpm python3-cryptography-3.3.2-150400.23.1.ppc64le.rpm python3-cryptography-3.3.2-150400.23.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4659 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). curl-8.0.1-150400.5.36.1.src.rpm curl-8.0.1-150400.5.36.1.x86_64.rpm libcurl4-8.0.1-150400.5.36.1.x86_64.rpm curl-8.0.1-150400.5.36.1.s390x.rpm libcurl4-8.0.1-150400.5.36.1.s390x.rpm curl-8.0.1-150400.5.36.1.aarch64.rpm libcurl4-8.0.1-150400.5.36.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4662 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for qemu fixes the following issues: - CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609) - CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925) - CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850) - [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311) - target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) - linux-user/elfload: Enable vxe2 on s390x (bsc#1213210) qemu-7.1.0-150500.49.9.2.src.rpm qemu-7.1.0-150500.49.9.2.x86_64.rpm qemu-accel-tcg-x86-7.1.0-150500.49.9.2.x86_64.rpm qemu-audio-spice-7.1.0-150500.49.9.2.x86_64.rpm qemu-block-curl-7.1.0-150500.49.9.2.x86_64.rpm qemu-chardev-spice-7.1.0-150500.49.9.2.x86_64.rpm qemu-guest-agent-7.1.0-150500.49.9.2.x86_64.rpm qemu-hw-display-qxl-7.1.0-150500.49.9.2.x86_64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.x86_64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.x86_64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.9.2.x86_64.rpm qemu-ipxe-1.0.0+-150500.49.9.2.noarch.rpm qemu-seabios-1.16.0_0_gd239552-150500.49.9.2.noarch.rpm qemu-sgabios-8-150500.49.9.2.noarch.rpm qemu-tools-7.1.0-150500.49.9.2.x86_64.rpm qemu-ui-opengl-7.1.0-150500.49.9.2.x86_64.rpm qemu-ui-spice-core-7.1.0-150500.49.9.2.x86_64.rpm qemu-vgabios-1.16.0_0_gd239552-150500.49.9.2.noarch.rpm qemu-x86-7.1.0-150500.49.9.2.x86_64.rpm qemu-7.1.0-150500.49.9.2.s390x.rpm qemu-audio-spice-7.1.0-150500.49.9.2.s390x.rpm qemu-block-curl-7.1.0-150500.49.9.2.s390x.rpm qemu-chardev-spice-7.1.0-150500.49.9.2.s390x.rpm qemu-guest-agent-7.1.0-150500.49.9.2.s390x.rpm qemu-hw-display-qxl-7.1.0-150500.49.9.2.s390x.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.s390x.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.s390x.rpm qemu-hw-usb-redirect-7.1.0-150500.49.9.2.s390x.rpm qemu-s390x-7.1.0-150500.49.9.2.s390x.rpm qemu-tools-7.1.0-150500.49.9.2.s390x.rpm qemu-ui-opengl-7.1.0-150500.49.9.2.s390x.rpm qemu-ui-spice-core-7.1.0-150500.49.9.2.s390x.rpm qemu-7.1.0-150500.49.9.2.aarch64.rpm qemu-arm-7.1.0-150500.49.9.2.aarch64.rpm qemu-audio-spice-7.1.0-150500.49.9.2.aarch64.rpm qemu-block-curl-7.1.0-150500.49.9.2.aarch64.rpm qemu-chardev-spice-7.1.0-150500.49.9.2.aarch64.rpm qemu-guest-agent-7.1.0-150500.49.9.2.aarch64.rpm qemu-hw-display-qxl-7.1.0-150500.49.9.2.aarch64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.9.2.aarch64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.9.2.aarch64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.9.2.aarch64.rpm qemu-tools-7.1.0-150500.49.9.2.aarch64.rpm qemu-ui-opengl-7.1.0-150500.49.9.2.aarch64.rpm qemu-ui-spice-core-7.1.0-150500.49.9.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4660 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 (bsc#1215831): - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. - CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation. - CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service. 0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. - CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. - CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. - CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. - CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. - CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. - CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. - CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823). kernel-firmware-20230724-150500.3.9.1.src.rpm True kernel-firmware-all-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-amdgpu-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-ath10k-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-ath11k-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-atheros-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-bluetooth-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-bnx2-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-brcm-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-chelsio-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-dpaa2-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-i915-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-intel-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-iwlwifi-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-liquidio-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-marvell-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-media-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-mediatek-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-mellanox-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-mwifiex-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-network-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-nfp-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-nvidia-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-platform-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-prestera-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-qcom-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-qlogic-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-radeon-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-realtek-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-serial-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-sound-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-ti-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-ueagle-20230724-150500.3.9.1.noarch.rpm True kernel-firmware-usb-network-20230724-150500.3.9.1.noarch.rpm True ucode-amd-20230724-150500.3.9.1.noarch.rpm True openSUSE-Leap-Micro-5.5-2023-4647 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for haproxy fixes the following issues: - CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653). haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.src.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.x86_64.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.s390x.rpm haproxy-2.4.22+git0.f8e3218e2-150400.3.19.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4983 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). gnutls-3.7.3-150400.4.38.1.src.rpm gnutls-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-3.7.3-150400.4.38.1.x86_64.rpm libgnutls30-hmac-3.7.3-150400.4.38.1.x86_64.rpm gnutls-3.7.3-150400.4.38.1.s390x.rpm libgnutls30-3.7.3-150400.4.38.1.s390x.rpm libgnutls30-hmac-3.7.3-150400.4.38.1.s390x.rpm gnutls-3.7.3-150400.4.38.1.aarch64.rpm libgnutls30-3.7.3-150400.4.38.1.aarch64.rpm libgnutls30-hmac-3.7.3-150400.4.38.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4902 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump openssh-8.4p1-150300.3.27.1.src.rpm openssh-8.4p1-150300.3.27.1.x86_64.rpm openssh-clients-8.4p1-150300.3.27.1.x86_64.rpm openssh-common-8.4p1-150300.3.27.1.x86_64.rpm openssh-fips-8.4p1-150300.3.27.1.x86_64.rpm openssh-server-8.4p1-150300.3.27.1.x86_64.rpm openssh-8.4p1-150300.3.27.1.s390x.rpm openssh-clients-8.4p1-150300.3.27.1.s390x.rpm openssh-common-8.4p1-150300.3.27.1.s390x.rpm openssh-fips-8.4p1-150300.3.27.1.s390x.rpm openssh-server-8.4p1-150300.3.27.1.s390x.rpm openssh-8.4p1-150300.3.27.1.aarch64.rpm openssh-clients-8.4p1-150300.3.27.1.aarch64.rpm openssh-common-8.4p1-150300.3.27.1.aarch64.rpm openssh-fips-8.4p1-150300.3.27.1.aarch64.rpm openssh-server-8.4p1-150300.3.27.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4670 critical SUSE Updates openSUSE-Leap-Micro 5.5 This update for regionServiceClientConfigGCE fixes the following issue: - Update to version 4.0.1 (bsc#1217538) regionServiceClientConfigGCE-4.0.1-150000.4.12.1.noarch.rpm regionServiceClientConfigGCE-4.0.1-150000.4.12.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4669 critical SUSE Updates openSUSE-Leap-Micro 5.5 This update for regionServiceClientConfigAzure fixes the following issue: - Update to version 2.0.1 (bsc#1217537) regionServiceClientConfigAzure-2.0.1-150000.3.19.1.noarch.rpm regionServiceClientConfigAzure-2.0.1-150000.3.19.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4668 critical SUSE Updates openSUSE-Leap-Micro 5.5 This update for regionServiceClientConfigEC2 fixes the following issue: - Update to version 4.1.1 (bsc#1217536) regionServiceClientConfigEC2-4.1.1-150000.3.27.1.noarch.rpm regionServiceClientConfigEC2-4.1.1-150000.3.27.1.src.rpm openSUSE-Leap-Micro-5.5-2023-4671 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update of man fixes the following problem: - The "man" commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. groff-1.22.4-150400.5.2.1.src.rpm groff-1.22.4-150400.5.2.1.x86_64.rpm system-group-hardware-20170617-150400.24.2.1.noarch.rpm system-group-kvm-20170617-150400.24.2.1.noarch.rpm system-group-libvirt-20170617-150400.24.2.1.noarch.rpm system-group-wheel-20170617-150400.24.2.1.noarch.rpm system-user-lp-20170617-150400.24.2.1.noarch.rpm system-user-nobody-20170617-150400.24.2.1.noarch.rpm system-user-qemu-20170617-150400.24.2.1.noarch.rpm system-user-tftp-20170617-150400.24.2.1.noarch.rpm system-user-tss-20170617-150400.24.2.1.noarch.rpm system-users-20170617-150400.24.2.1.src.rpm openSUSE-Leap-Micro-5.5-2024-21 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for net-snmp fixes the following issues: Update to net-snmp-5.9.4 (bsc#1214364). - libsnmp: - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not used in the Net-SNMP code base. - DISPLAY-HINT fixes - Miscellanious improvements to the transports - Handle multiple oldEngineID configuration lines - fixes for DNS names longer than 63 characters - agent: - Added a ignoremount configuration option for the HOST-MIB - disallow SETs with a NULL varbind - fix the --enable-minimalist build - apps: - snmpset: allow SET with NULL varbind for testing - snmptrapd: improved MySQL logging code - general: - configure: Remove -Wno-deprecated as it is no longer needed - miscellanious ther bug fixes, build fixes and cleanups - Re-add support for hostname netgroups that was removed accidentally and previously added with FATE#316305 (bsc#1207697). '@hostgroup' can be specified for multiple hosts - Hardening systemd services setting "ProtectHome=true" caused home directory size and allocation to be listed incorrectly (bsc#1206044). libsnmp40-5.9.4-150300.15.11.1.x86_64.rpm net-snmp-5.9.4-150300.15.11.1.src.rpm snmp-mibs-5.9.4-150300.15.11.1.x86_64.rpm libsnmp40-5.9.4-150300.15.11.1.s390x.rpm snmp-mibs-5.9.4-150300.15.11.1.s390x.rpm libsnmp40-5.9.4-150300.15.11.1.aarch64.rpm snmp-mibs-5.9.4-150300.15.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-53 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-kiwi fixes the following issues: - Add `partx` to module-setup of kiwi-lib (bsc#1216465) - Change partprobe fallback to partx (bsc#1216465): Informing the kernel about a new partition geometry can be done in a busy state and is also effective for new devices and new mounts based on the new geometry. busy state mounts of course will not see it until swap of the busy state but a complete refuse of operation like it happens with blockdev is imho not required. Just as partprobe, partx is less restrictive on the busy state. That's why this commit changes the partprobe fallback to use partx instead of blockdev - Create live persistent storage without busy state (bsc#1216465): With the former logic the live ISO was already mounted when an eventual persistent storage partition was created. This leads to an issue on re-reading the partition table, not for all but several tools. This commit changes the order of tasks such that the setup of the persistent write storage is performed prior mounting the live ISO. In addition to this change an alternative method using blockdev to re-read the partition was added in case partprobe is not present. This also allows to get rid of the parted dependency which provides partprobe - Add alternative re-reading of the partition table (bsc#1216465): dracut-kiwi-lib-9.24.43-150100.3.65.1.x86_64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.x86_64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.x86_64.rpm python-kiwi-9.24.43-150100.3.65.1.src.rpm dracut-kiwi-lib-9.24.43-150100.3.65.1.s390x.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.s390x.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.s390x.rpm dracut-kiwi-lib-9.24.43-150100.3.65.1.aarch64.rpm dracut-kiwi-oem-dump-9.24.43-150100.3.65.1.aarch64.rpm dracut-kiwi-oem-repart-9.24.43-150100.3.65.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4680 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for selinux-policy fixes the following issues: - Trigger rebuild of the policy when pcre2 gets updated to avoid regex version mismatch errors (bsc#1216747) selinux-policy-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm selinux-policy-20230511+git9.1b35a6ab-150500.3.9.1.src.rpm selinux-policy-devel-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm selinux-policy-targeted-20230511+git9.1b35a6ab-150500.3.9.1.noarch.rpm openSUSE-Leap-Micro-5.5-2024-50 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 python-cssselect-1.0.3-150000.3.5.1.src.rpm python3-cssselect-1.0.3-150000.3.5.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4901 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). avahi-0.8-150400.7.13.1.src.rpm avahi-0.8-150400.7.13.1.x86_64.rpm libavahi-client3-0.8-150400.7.13.1.x86_64.rpm libavahi-common3-0.8-150400.7.13.1.x86_64.rpm libavahi-core7-0.8-150400.7.13.1.x86_64.rpm avahi-0.8-150400.7.13.1.s390x.rpm libavahi-client3-0.8-150400.7.13.1.s390x.rpm libavahi-common3-0.8-150400.7.13.1.s390x.rpm libavahi-core7-0.8-150400.7.13.1.s390x.rpm avahi-0.8-150400.7.13.1.aarch64.rpm libavahi-client3-0.8-150400.7.13.1.aarch64.rpm libavahi-common3-0.8-150400.7.13.1.aarch64.rpm libavahi-core7-0.8-150400.7.13.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4727 important SUSE Updates openSUSE-Leap-Micro 5.5 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 containerd-1.7.8-150000.103.1.src.rpm containerd-1.7.8-150000.103.1.x86_64.rpm runc-1.1.10-150000.55.1.src.rpm runc-1.1.10-150000.55.1.x86_64.rpm containerd-1.7.8-150000.103.1.s390x.rpm runc-1.1.10-150000.55.1.s390x.rpm containerd-1.7.8-150000.103.1.aarch64.rpm runc-1.1.10-150000.55.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4985 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - Add "net offlinejoin composeodj" command (bsc#1214076) samba-4.17.12+git.444.922f3bd625-150500.3.17.1.src.rpm samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.x86_64.rpm samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.s390x.rpm samba-client-libs-4.17.12+git.444.922f3bd625-150500.3.17.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-143 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for nvidia-open-driver-G06-signed fixes the following issues: - Update to 545.29.06 - no longer try to overwrite NVreg_OpenRmEnableUnsupportedGpus driver NVreg_OpenRmEnableUnsupportedGpus driver option setting (disable it), kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.nosrc.rpm kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.x86_64.rpm nvidia-open-driver-G06-signed-545.29.06-150500.3.21.5.src.rpm nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5.x86_64.rpm kernel-firmware-nvidia-gspx-G06-545.29.06-150500.11.15.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150500.55.39-150500.3.21.5.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4730 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). The following non-security bugs were fixed: - ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes). - ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes). - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes). - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes). - ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes). - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes). - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes). - ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes). - ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes). - ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-fixes). - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes). - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes). - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes). - ALSA: info: Fix potential deadlock at disconnection (git-fixes). - ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (git-fixes). - ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes). - ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran (git-fixes). - ASoC: ams-delta.c: use component after check (git-fixes). - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes). - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes). - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes). - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes). - ASoC: hdmi-codec: register hpd callback on component probe (git-fixes). - ASoC: rt5650: fix the wrong result of key button (git-fixes). - ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes). - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes). - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes). - Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes). - Documentation: networking: correct possessive "its" (bsc#1215458). - Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes). - Fix termination state for idr_for_each_entry_ul() (git-fixes). - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes). - HID: hyperv: Replace one-element array with flexible-array member (git-fixes). - HID: hyperv: avoid struct memcpy overrun warning (git-fixes). - HID: hyperv: remove unused struct synthhid_msg (git-fixes). - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes). - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes). - HID: logitech-hidpp: Revert "Do not restart communication if not necessary" (git-fixes). - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes). - Input: xpad - add VID for Turtle Beach controllers (git-fixes). - NFS: Fix access to page->mapping (bsc#1216788). - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes). - PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes). - PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458). - PCI: Extract ATS disabling to a helper function (bsc#1215458). - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes). - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes). - PCI: Use FIELD_GET() to extract Link Width (git-fixes). - PCI: exynos: Do not discard .remove() callback (git-fixes). - PCI: keystone: Do not discard .probe() callback (git-fixes). - PCI: keystone: Do not discard .remove() callback (git-fixes). - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes). - PCI: vmd: Correct PCI Header Type Register's multi-function check (git-fixes). - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes). - PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes). - USB: dwc2: write HCINT with INTMASK applied (bsc#1214286). - USB: dwc3: qcom: fix ACPI platform device leak (git-fixes). - USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - USB: dwc3: qcom: fix software node leak on probe errors (git-fixes). - USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - USB: serial: option: add Fibocom L7xx modules (git-fixes). - USB: serial: option: add Luat Air72*U series products (git-fixes). - USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes). - USB: serial: option: fix FM101R-GL defines (git-fixes). - USB: usbip: fix stub_dev hub disconnect (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: Add Cortex-A520 CPU part definition (git-fixes) - arm64: allow kprobes on EL0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass ESR_ELx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out EL1 SSBS emulation hook (git-fixes) - arm64: report EL1 UNDEFs better (git-fixes) - arm64: rework BTI exception handling (git-fixes) - arm64: rework EL0 MRS emulation (git-fixes) - arm64: rework FPAC exception handling (git-fixes) - arm64: split EL0/EL1 UNDEF handlers (git-fixes) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes). - atl1c: Work around the DMA RX overflow issue (git-fixes). - atm: iphase: Do PCI error checks on own line (git-fixes). - blk-mq: Do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: Add device 0bda:887b to device tables (git-fixes). - bluetooth: Add device 13d3:3571 to device tables (git-fixes). - btrfs: always log symlinks in full mode (bsc#1214840). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes). - can: isotp: set max PDU size to 64 kByte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: Fix comment (git-fixes). - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes). - clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes). - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes). - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: Fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes). - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes). - clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes). - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (git-fixes). - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes). - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes). - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - drm/amd/display: Avoid NULL dereference of timing generator (git-fixes). - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes). - drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: Handle non-terminated overdrive commands (git-fixes). - drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes). - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes). - drm/amd: Move helper for dynamic speed switch check out of smu13 (git-fixes). - drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes). - drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes). - drm/amdgpu: Fix potential null pointer derefernce (git-fixes). - drm/amdgpu: Remove unnecessary domain argument (git-fixes). - drm/amdgpu: Reserve fences for VM update (git-fixes). - drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: do not use ATRM for external devices (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes). - drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: Fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: Fix bridge_detach (git-fixes). - drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes). - drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes). - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: tc358768: Clean up clock period code (git-fixes). - drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: Fix bit updates (git-fixes). - drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes). - drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes). - drm/bridge: tc358768: Print logical values, not raw register values (git-fixes). - drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes). - drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes). - drm/bridge: tc358768: Use struct videomode (git-fixes). - drm/bridge: tc358768: remove unused variable (git-fixes). - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-fixes). - drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes). - drm/gud: Use size_add() in call to struct_size() (git-fixes). - drm/i915: Fix potential spectre vulnerability (git-fixes). - drm/i915: Flush WC GGTT only on required platforms (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes). - drm/mediatek: Fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: Create devm device attachment (git-fixes). - drm/mipi-dsi: Create devm device registration (git-fixes). - drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes). - drm/msm/dsi: free TX buffer in unbind (git-fixes). - drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes). - drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes). - drm/panel: st7703: Pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: vop: Fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes). - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes). - drm/ttm: Reorder sys manager cleanup step (git-fixes). - drm/vc4: fix typo (git-fixes). - drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527) - drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527) - drm: bridge: it66121: Fix invalid connector dereference (git-fixes). - drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: omapfb: Drop unused remove function (git-fixes). - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - gpu: host1x: Correct allocated size for contexts (git-fixes). - hid: cp2112: Fix duplicate workqueue initialization (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes). - hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes). - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes). - i2c: core: Run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes). - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: Fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes). - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes). - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes). - idpf: add RX splitq napi poll support (bsc#1215458). - idpf: add SRIOV support and other ndo_ops (bsc#1215458). - idpf: add TX splitq napi poll support (bsc#1215458). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and MAC filter support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for RX queues (bsc#1215458). - idpf: configure resources for TX queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes). - leds: pwm: Do not disable the PWM when the LED should be off (git-fixes). - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: Do not use SMBUS calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: Correctly initialise try compose rectangle (git-fixes). - media: ccs: Fix driver quirk struct documentation (git-fixes). - media: cedrus: Fix clock/reset sequence (git-fixes). - media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes). - media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: Fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: Add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: Add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes). - mfd: core: Ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: Fix double put in dln2_probe (git-fixes). - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes). - mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes). - mmc: block: Do not lose cache flush during CQE error recovery (git-fixes). - mmc: block: Retry commands in CQE error recovery (git-fixes). - mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes). - mmc: cqhci: Increase recovery halt timeout (git-fixes). - mmc: cqhci: Warn of halt or task clear failure (git-fixes). - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes). - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes). - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes). - mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes). - net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759). - net: Avoid address overwrite in kernel_connect (bsc#1216861). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: mana: Fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - nvme: update firmware version after commit (bsc#1215292). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86/intel-uncore-freq: Return error on write frequency (bsc#1217147). - platform/x86/intel-uncore-freq: Split common and enumeration part (bsc#1217147). - platform/x86/intel-uncore-freq: Support for cluster level controls (bsc#1217147). - platform/x86/intel-uncore-freq: Uncore frequency control via TPMI (bsc#1217147). - platform/x86/intel-uncore-freq: tpmi: Provide cluster level control (bsc#1217147). - platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (bsc#1217147). - platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147). - platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147). - platform/x86/intel/uncore-freq: Display uncore current frequency (bsc#1217147). - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (bsc#1217147). - platform/x86/intel/uncore-freq: Use sysfs API to create attributes (bsc#1217147). - platform/x86/intel/vsec: Add TPMI ID (bsc#1217147). - platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux() (bsc#1217147). - platform/x86/intel/vsec: Support private data (bsc#1217147). - platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free() (bsc#1217147). - platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147). - platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (bsc#1217147). - platform/x86: intel-uncore-freq: Add client processors (bsc#1217147). - platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency (bsc#1217147). - platform/x86: intel-uncore-freq: Prevent driver loading in guests (bsc#1217147). - platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (bsc#1217147). - platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). - platform/x86: intel-uncore-frequency: Move to intel sub-directory (bsc#1217147). - platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes). - platform/x86: wmi: Fix opening of char device (git-fixes). - platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - powerpc/perf/hv-24x7: Update domain value check (bsc#1215931). - powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: Fix double shift bug (git-fixes). - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes). - pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes). - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: Check for unplug in rtl_phy_patch_request() (git-fixes). - regmap: Ensure range selector registers are updated after cache sync (git-fixes). - regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086). - s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598). - s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes bsc#1217511). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599). - sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). - sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). - sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731). - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124). - scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124). - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124). - scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: Fix ksft print formats (git-fixes). - selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes). - selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: Revert "serial: exar: Add support for Sealevel 7xxxC serial cards" (git-fixes). - serial: meson: Use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: Handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes). - tty: 8250: Add support for Brainboxes UP cards (git-fixes). - tty: 8250: Add support for Intashield IS-100 (git-fixes). - tty: 8250: Add support for Intashield IX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes PX cards (git-fixes). - tty: 8250: Add support for additional Brainboxes UC cards (git-fixes). - tty: 8250: Fix port count of PX-257 (git-fixes). - tty: 8250: Fix up PX-803/PX-857 (git-fixes). - tty: 8250: Remove UC-257 and UC-431 (git-fixes). - tty: Fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes). - usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes). - usb: chipidea: Fix DMA overwrite for Tegra (git-fixes). - usb: chipidea: Simplify Tegra DMA alignment code (git-fixes). - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes). - usb: dwc3: Fix default mode initialization (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility (git-fixes). - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix gtk offload status event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: Use FW rate for non-data frames (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes). - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes). - x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700). - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes). - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes). - x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes). - x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: Make hv_get_nmi_reason public (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes). - x86/sev: Fix calculation of end address based on number of pages (git-fixes). - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert AGF log flags to unsigned (git-fixes). - xfs: convert AGI log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize AG block number formatting in ftrace output (git-fixes). - xfs: standardize AG number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Enable RPM on controllers that support low-power states (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). kernel-default-5.14.21-150500.55.39.1.nosrc.rpm True kernel-default-5.14.21-150500.55.39.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.src.rpm True kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.x86_64.rpm True kernel-default-5.14.21-150500.55.39.1.s390x.rpm True kernel-default-5.14.21-150500.55.39.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.39.1.150500.6.17.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2024-11 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * "ps -C" does not allow anymore an argument longer than 15 characters (bsc#1158830) libprocps8-3.3.17-150000.7.37.1.x86_64.rpm procps-3.3.17-150000.7.37.1.src.rpm procps-3.3.17-150000.7.37.1.x86_64.rpm libprocps8-3.3.17-150000.7.37.1.s390x.rpm procps-3.3.17-150000.7.37.1.s390x.rpm libprocps8-3.3.17-150000.7.37.1.ppc64le.rpm libprocps8-3.3.17-150000.7.37.1.aarch64.rpm procps-3.3.17-150000.7.37.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4732 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447). - CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959). - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649). - CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693). - CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710). - CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). - CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). The following non-security bugs were fixed: - acpi: fpdt: properly handle invalid fpdt subtables (git-fixes). - acpi: resource: do irq override on tongfang gmxxgxx (git-fixes). - acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes). - acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes). - alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes). - alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes). - alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes). - alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes). - alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes). - alsa: hda/realtek: add quirks for hp laptops (git-fixes). - alsa: hda/realtek: add support dual speaker for dell (git-fixes). - alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes). - alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes). - alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-fixes). - alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes). - alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes). - alsa: hda: disable power-save on kontron singlepc (bsc#1217140). - alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes). - alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes). - alsa: info: fix potential deadlock at disconnection (git-fixes). - alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes). - arm/xen: fix xen_vcpu_info allocation alignment (git-fixes). - arm64: add cortex-a520 cpu part definition (git-fixes) - arm64: allow kprobes on el0 handlers (git-fixes) - arm64: armv8_deprecated move emulation functions (git-fixes) - arm64: armv8_deprecated: fix unused-function error (git-fixes) - arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes) - arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes) - arm64: armv8_deprecated: rework deprected instruction handling (git-fixes) - arm64: consistently pass esr_elx to die() (git-fixes) - arm64: die(): pass 'err' as long (git-fixes) - arm64: factor insn read out of call_undef_hook() (git-fixes) - arm64: factor out el1 ssbs emulation hook (git-fixes) - arm64: report el1 undefs better (git-fixes) - arm64: rework bti exception handling (git-fixes) - arm64: rework el0 mrs emulation (git-fixes) - arm64: rework fpac exception handling (git-fixes) - arm64: split el0/el1 undef handlers (git-fixes) - arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes). - asoc: ams-delta.c: use component after check (git-fixes). - asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes). - asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes). - asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes). - asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes). - asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes). - asoc: hdmi-codec: register hpd callback on component probe (git-fixes). - asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes). - asoc: rt5650: fix the wrong result of key button (git-fixes). - asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes). - asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes). - asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes). - ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes). - atl1c: work around the dma rx overflow issue (git-fixes). - atm: iphase: do pci error checks on own line (git-fixes). - blk-mq: do not clear driver tags own mapping (bsc#1217366). - blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366). - bluetooth: add device 0bda:887b to device tables (git-fixes). - bluetooth: add device 13d3:3571 to device tables (git-fixes). - bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes). - bluetooth: btusb: add date->evt_skb is null check (git-fixes). - bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes). - bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes). - btrfs: always log symlinks in full mode (bsc#1214840). - can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes). - can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes). - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes). - can: isotp: add local echo tx processing for consecutive frames (git-fixes). - can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes). - can: isotp: fix tx state handling for echo tx processing (git-fixes). - can: isotp: handle wait_event_interruptible() return values (git-fixes). - can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes). - can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes). - can: isotp: remove re-binding of bound socket (git-fixes). - can: isotp: sanitize can id checks in isotp_bind() (git-fixes). - can: isotp: set max pdu size to 64 kbyte (git-fixes). - can: isotp: split tx timer into transmission and timeout (git-fixes). - can: sja1000: fix comment (git-fixes). - clk: imx: imx8mq: correct error handling path (git-fixes). - clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes). - clk: imx: select mxc_clk for clk_imx8qxp (git-fixes). - clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes). - clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes). - clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes). - clk: npcm7xx: fix incorrect kfree (git-fixes). - clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes). - clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes). - clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes). - clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes). - clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes). - clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes). - clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes). - clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes). - clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes). - clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes). - clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes). - clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes). - clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes). - clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes). - clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes). - crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes). - crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes). - crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes). - disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures. - dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes). - dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes). - dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes). - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes). - docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458). - docs: net: reformat driver.rst from a list to sections (bsc#1215458). - docs: net: use c syntax highlight in driver.rst (bsc#1215458). - documentation: networking: correct possessive "its" (bsc#1215458). - drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes). - drm/amd/display: avoid null dereference of timing generator (git-fixes). - drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes). - drm/amd/display: refactor dm_get_plane_scale helper (git-fixes). - drm/amd/display: remove useless check in should_enable_fbc() (git-fixes). - drm/amd/display: use full update for clip size increase of large plane source (git-fixes). - drm/amd/pm: handle non-terminated overdrive commands (git-fixes). - drm/amd: disable aspm for vi w/ all intel systems (git-fixes). - drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes). - drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes). - drm/amd: move helper for dynamic speed switch check out of smu13 (git-fixes). - drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes). - drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802). - drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes). - drm/amdgpu: do not use atrm for external devices (git-fixes). - drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes). - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes). - drm/amdgpu: fix potential null pointer derefernce (git-fixes). - drm/amdgpu: fix software pci_unplug on some chips (git-fixes). - drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes). - drm/amdgpu: remove unnecessary domain argument (git-fixes). - drm/amdgpu: reserve fences for vm update (git-fixes). - drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802). - drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes). - drm/amdkfd: fix shift out-of-bounds issue (git-fixes). - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes). - drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes). - drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes). - drm/bridge: lt8912b: fix bridge_detach (git-fixes). - drm/bridge: lt8912b: fix crash on bridge detach (git-fixes). - drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes). - drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes). - drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes). - drm/bridge: lt9611uxc: fix the race in the error path (git-fixes). - drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes). - drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes). - drm/bridge: tc358768: clean up clock period code (git-fixes). - drm/bridge: tc358768: disable non-continuous clock mode (git-fixes). - drm/bridge: tc358768: fix bit updates (git-fixes). - drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes). - drm/bridge: tc358768: fix use of uninitialized variable (git-fixes). - drm/bridge: tc358768: print logical values, not raw register values (git-fixes). - drm/bridge: tc358768: remove unused variable (git-fixes). - drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes). - drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes). - drm/bridge: tc358768: use struct videomode (git-fixes). - drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-fixes). - drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes). - drm/gud: use size_add() in call to struct_size() (git-fixes). - drm/i915/pmu: check if pmu is closed before stopping event (git-fixes). - drm/i915: fix potential spectre vulnerability (git-fixes). - drm/i915: flush wc ggtt only on required platforms (git-fixes). - drm/komeda: drop all currently held locks if deadlock happens (git-fixes). - drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes). - drm/mediatek: fix iommu fault during crtc enabling (git-fixes). - drm/mipi-dsi: create devm device attachment (git-fixes). - drm/mipi-dsi: create devm device registration (git-fixes). - drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes). - drm/msm/dsi: free tx buffer in unbind (git-fixes). - drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes). - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes). - drm/panel: fix a possible null pointer dereference (git-fixes). - drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes). - drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes). - drm/panel: st7703: pick different reset sequence (git-fixes). - drm/qxl: prevent memory leak (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: possible buffer overflow (git-fixes). - drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes). - drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes). - drm/rockchip: vop: fix call to crtc reset helper (git-fixes). - drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes). - drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes). - drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes). - drm/ttm: reorder sys manager cleanup step (git-fixes). - drm/vc4: fix typo (git-fixes). - drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527) - drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527) - drm: bridge: it66121: fix invalid connector dereference (git-fixes). - drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes). - drm: vmwgfx_surface.c: copy user-array safely (git-fixes). - dt-bindings: usb: hcd: add missing phy name to example (git-fixes). - dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes). - ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable] - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes). - fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes). - fbdev: imsttfb: fix a resource leak in probe (git-fixes). - fbdev: imsttfb: fix double free in probe() (git-fixes). - fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes). - fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes). - fbdev: omapfb: drop unused remove function (git-fixes). - fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-fixes). - firewire: core: fix possible memory leak in create_units() (git-fixes). - firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes). - fix termination state for idr_for_each_entry_ul() (git-fixes). - fix x86/mm: print the encryption features in hyperv is disabled - gpio: mockup: fix kerneldoc (git-fixes). - gpio: mockup: remove unused field (git-fixes). - gpu: host1x: correct allocated size for contexts (git-fixes). - hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes). - hid: cp2112: fix duplicate workqueue initialization (git-fixes). - hid: hyperv: avoid struct memcpy overrun warning (git-fixes). - hid: hyperv: remove unused struct synthhid_msg (git-fixes). - hid: hyperv: replace one-element array with flexible-array member (git-fixes). - hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes). - hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes). - hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes). - hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes). - hid: logitech-hidpp: revert "do not restart communication if not necessary" (git-fixes). - hv: simplify sysctl registration (git-fixes). - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes). - hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes). - hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes). - hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes). - hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes). - i2c: aspeed: fix i2c bus hang in slave read (git-fixes). - i2c: core: run atomic i2c xfer when !preemptible (git-fixes). - i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes). - i2c: dev: copy userspace array safely (git-fixes). - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes). - i2c: iproc: handle invalid slave state (git-fixes). - i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes). - i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes). - i2c: sun6i-p2wi: prevent potential division by zero (git-fixes). - i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes). - i3c: master: cdns: fix reading status register (git-fixes). - i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes). - i3c: master: svc: fix check wrong status register in irq handler (git-fixes). - i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes). - i3c: master: svc: fix race condition in ibi work thread (git-fixes). - i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes). - i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes). - i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes). - i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes). - idpf: add controlq init and reset checks (bsc#1215458). - idpf: add core init and interrupt request (bsc#1215458). - idpf: add create vport and netdev configuration (bsc#1215458). - idpf: add ethtool callbacks (bsc#1215458). - idpf: add module register and probe functionality (bsc#1215458). - idpf: add ptypes and mac filter support (bsc#1215458). - idpf: add rx splitq napi poll support (bsc#1215458). - idpf: add singleq start_xmit and napi poll (bsc#1215458). - idpf: add splitq start_xmit (bsc#1215458). - idpf: add sriov support and other ndo_ops (bsc#1215458). - idpf: add tx splitq napi poll support (bsc#1215458). - idpf: cancel mailbox work in error path (bsc#1215458). - idpf: configure resources for rx queues (bsc#1215458). - idpf: configure resources for tx queues (bsc#1215458). - idpf: fix potential use-after-free in idpf_tso() (bsc#1215458). - idpf: initialize interrupts and enable vport (bsc#1215458). - idpf: set scheduling mode for completion queue (bsc#1215458). - iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes). - iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes). - iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes). - input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes). - input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes). - input: xpad - add vid for turtle beach controllers (git-fixes). - irqchip/stm32-exti: add missing dt irq flag translation (git-fixes). - kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional). - kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well. - kernel-source: move provides after sources - kernel/fork: beware of __put_task_struct() calling context (bsc#1216761). - leds: pwm: do not disable the pwm when the led should be off (git-fixes). - leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes). - leds: turris-omnia: do not use smbus calls (git-fixes). - lsm: fix default return value for inode_getsecctx (git-fixes). - lsm: fix default return value for vm_enough_memory (git-fixes). - media: bttv: fix use after free error due to btv->timeout timer (git-fixes). - media: ccs: correctly initialise try compose rectangle (git-fixes). - media: ccs: fix driver quirk struct documentation (git-fixes). - media: cedrus: fix clock/reset sequence (git-fixes). - media: cobalt: use field_get() to extract link width (git-fixes). - media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes). - media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes). - media: imon: fix access to invalid resource for the second interface (git-fixes). - media: lirc: drop trailing space from scancode transmit (git-fixes). - media: qcom: camss: fix missing vfe_lite clocks check (git-fixes). - media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes). - media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes). - media: qcom: camss: fix vfe_get() error jump (git-fixes). - media: sharp: fix sharp encoding (git-fixes). - media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes). - media: venus: hfi: add checks to handle capabilities from firmware (git-fixes). - media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes). - media: venus: hfi: fix the check to handle session buffer requirement (git-fixes). - media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes). - media: vidtv: mux: add check and kfree for kstrdup (git-fixes). - media: vidtv: psi: add check for kstrdup (git-fixes). - media: vivid: avoid integer overflow (git-fixes). - mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes). - mfd: core: ensure disabled devices are skipped without aborting (git-fixes). - mfd: dln2: fix double put in dln2_probe (git-fixes). - misc: fastrpc: clean buffers on remote invocation failures (git-fixes). - misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes). - mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes). - mmc: block: be sure to wait while busy in cqe error recovery (git-fixes). - mmc: block: do not lose cache flush during cqe error recovery (git-fixes). - mmc: block: retry commands in cqe error recovery (git-fixes). - mmc: cqhci: fix task clearing in cqe error recovery (git-fixes). - mmc: cqhci: increase recovery halt timeout (git-fixes). - mmc: cqhci: warn of halt or task clear failure (git-fixes). - mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes). - mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes). - mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes). - mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes). - mmc: vub300: fix an error code (git-fixes). - modpost: fix tee module_device_table built on big-endian host (git-fixes). - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes). - mtd: cfi_cmdset_0001: byte swap otp info (git-fixes). - mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes). - net-memcg: fix scope of sockmem pressure indicators (bsc#1216759). - net: add macro netif_subqueue_completed_wake (bsc#1215458). - net: avoid address overwrite in kernel_connect (bsc#1216861). - net: fix use-after-free in tw_timer_handler (bsc#1217195). - net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes). - net: mana: fix return type of mana_start_xmit() (git-fixes). - net: piggy back on the memory barrier in bql when waking queues (bsc#1215458). - net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458). - net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes). - net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes). - nfs: fix access to page->mapping (bsc#1216788). - nvme: update firmware version after commit (bsc#1215292). - pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes). - pci/sysfs: protect driver's d3cold preference from user space (git-fixes). - pci: disable ats for specific intel ipu e2000 devices (bsc#1215458). - pci: extract ats disabling to a helper function (bsc#1215458). - pci: exynos: do not discard .remove() callback (git-fixes). - pci: keystone: do not discard .probe() callback (git-fixes). - pci: keystone: do not discard .remove() callback (git-fixes). - pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes). - pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes). - pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes). - pci: use field_get() to extract link width (git-fixes). - pci: vmd: correct pci header type register's multi-function check (git-fixes). - pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes). - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes). - pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes). - pinctrl: avoid reload of p state in list iteration (git-fixes). - platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147). - platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147). - platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147). - platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147). - platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147). - platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147). - platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147). - platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147). - platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147). - platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147). - platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147). - platform/x86/intel/vsec: add tpmi id (bsc#1217147). - platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147). - platform/x86/intel/vsec: support private data (bsc#1217147). - platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147). - platform/x86/intel: intel tpmi enumeration driver (bsc#1217147). - platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147). - platform/x86: intel-uncore-freq: add client processors (bsc#1217147). - platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147). - platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147). - platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147). - platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147). - platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147). - platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147). - platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes). - platform/x86: wmi: fix opening of char device (git-fixes). - platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes). - platform/x86: wmi: remove unnecessary initializations (git-fixes). - pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes). - pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes). - powerpc/perf/hv-24x7: update domain value check (bsc#1215931). - powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927). - powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). - pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes). - pwm: fix double shift bug (git-fixes). - pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes). - quota: fix slow quotaoff (bsc#1216621). - r8152: cancel hw_phy_work if we have an error in probe (git-fixes). - r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes). - r8152: check for unplug in rtl_phy_patch_request() (git-fixes). - r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes). - r8152: release firmware if we have an error in probe (git-fixes). - r8152: run the unload routine if we have errors during probe (git-fixes). - regmap: debugfs: fix a erroneous check after snprintf() (git-fixes). - regmap: ensure range selector registers are updated after cache sync (git-fixes). - regmap: prevent noinc writes from clobbering cache (git-fixes). - revert "i2c: pxa: move to generic gpio recovery" (git-fixes). - revert "mmc: core: capture correct oemid-bits for emmc cards" (git-fixes). - revert "tracing: fix warning in trace_buffered_event_disable()" (bsc#1217036) - revert amdgpu patches that caused a regression (bsc#1215802) - rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead. - rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler. - rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage - run scripts/renamepatches for sle15-sp4 - s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687). - s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609). - s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086). - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086). - s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086). - s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205). - s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124). - s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515). - s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598). - s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511). - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes). - s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086). - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086). - s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200). - s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599). - sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196). - sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196). - sbsa_gwdt: calculate timeout with 64-bit math (git-fixes). - scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731). - scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731). - scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731). - scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731). - scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731). - scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731). - scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124). - scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731). - scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124). - scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124). - scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731). - scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124). - scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124). - scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731). - scsi: lpfc: validate els ls_acc completion payload (bsc#1217124). - scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes). - scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes). - selftests/efivarfs: create-read: fix a resource leak (git-fixes). - selftests/pidfd: fix ksft print formats (git-fixes). - selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes). - selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes). - selftests/resctrl: remove duplicate feature check from cmt test (git-fixes). - seq_buf: fix a misleading comment (git-fixes). - serial: exar: revert "serial: exar: add support for sealevel 7xxxc serial cards" (git-fixes). - serial: meson: use platform_get_irq() to get the interrupt (git-fixes). - soc: qcom: llcc: handle a second device without data corruption (git-fixes). - spi: nxp-fspi: use the correct ioremap function (git-fixes). - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes). - spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes). - staging: media: ipu3: remove ftrace-like logging (git-fixes). - string.h: add array-wrappers for (v)memdup_user() (git-fixes). - supported.conf: marked idpf supported - thermal: core: prevent potential string overflow (git-fixes). - treewide: spelling fix in comment (git-fixes). - tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes). - tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes). - tty: 8250: add support for additional brainboxes px cards (git-fixes). - tty: 8250: add support for additional brainboxes uc cards (git-fixes). - tty: 8250: add support for brainboxes up cards (git-fixes). - tty: 8250: add support for intashield is-100 (git-fixes). - tty: 8250: add support for intashield ix cards (git-fixes). - tty: 8250: fix port count of px-257 (git-fixes). - tty: 8250: fix up px-803/px-857 (git-fixes). - tty: 8250: remove uc-257 and uc-431 (git-fixes). - tty: fix uninit-value access in ppp_sync_receive() (git-fixes). - tty: n_gsm: fix race condition in status line change on dead connections (git-fixes). - tty: serial: meson: fix hard lockup on crtscts mode (git-fixes). - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes). - tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes). - update ath11k hibernation fix patch set (bsc#1207948) - update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown (bsc#1214976 git-fixes). - usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes). - usb: chipidea: fix dma overwrite for tegra (git-fixes). - usb: chipidea: simplify tegra dma alignment code (git-fixes). - usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes). - usb: dwc2: write hcint with intmask applied (bsc#1214286). - usb: dwc3: fix default mode initialization (git-fixes). - usb: dwc3: qcom: fix acpi platform device leak (git-fixes). - usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes). - usb: dwc3: qcom: fix software node leak on probe errors (git-fixes). - usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes). - usb: dwc3: set the dma max_seg_size (git-fixes). - usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes). - usb: raw-gadget: properly handle interrupted requests (git-fixes). - usb: serial: option: add fibocom l7xx modules (git-fixes). - usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes). - usb: serial: option: fix fm101r-gl defines (git-fixes). - usb: storage: set 1.50 as the lower bcddevice for older "super top" compatibility (git-fixes). - usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes). - usb: typec: tcpm: skip hard reset when in error recovery (git-fixes). - usb: usbip: fix stub_dev hub disconnect (git-fixes). - virtchnl: add virtchnl version 2 ops (bsc#1215458). - wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes). - wifi: ath10k: fix clang-specific fortify warning (git-fixes). - wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes). - wifi: ath11k: fix dfs radar event locking (git-fixes). - wifi: ath11k: fix gtk offload status event locking (git-fixes). - wifi: ath11k: fix htt pktlog locking (git-fixes). - wifi: ath11k: fix temperature event locking (git-fixes). - wifi: ath9k: fix clang-specific fortify warnings (git-fixes). - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes). - wifi: iwlwifi: empty overflow queue during flush (git-fixes). - wifi: iwlwifi: honor the enable_ini value (git-fixes). - wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes). - wifi: iwlwifi: use fw rate for non-data frames (git-fixes). - wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes). - wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes). - wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes). - wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes). - wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes). - x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes). - x86/cpu: clear svm feature if disabled by bios (bsc#1214700). - x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes). - x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes). - x86/hyperv: add hv_expose_invariant_tsc define (git-fixes). - x86/hyperv: fix a warning in mshyperv.h (git-fixes). - x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes). - x86/hyperv: make hv_get_nmi_reason public (git-fixes). - x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes). - x86/sev: fix calculation of end address based on number of pages (git-fixes). - x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes). - x86: move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: add attr state machine tracepoints (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - xfs: constify btree function parameters that are not modified (git-fixes). - xfs: convert agf log flags to unsigned (git-fixes). - xfs: convert agi log flags to unsigned (git-fixes). - xfs: convert attr type flags to unsigned (git-fixes). - xfs: convert bmap extent type flags to unsigned (git-fixes). - xfs: convert bmapi flags to unsigned (git-fixes). - xfs: convert btree buffer log flags to unsigned (git-fixes). - xfs: convert buffer flags to unsigned (git-fixes). - xfs: convert buffer log item flags to unsigned (git-fixes). - xfs: convert da btree operations flags to unsigned (git-fixes). - xfs: convert dquot flags to unsigned (git-fixes). - xfs: convert inode lock flags to unsigned (git-fixes). - xfs: convert log item tracepoint flags to unsigned (git-fixes). - xfs: convert log ticket and iclog flags to unsigned (git-fixes). - xfs: convert quota options flags to unsigned (git-fixes). - xfs: convert scrub type flags to unsigned (git-fixes). - xfs: disambiguate units for ftrace fields tagged "blkno", "block", or "bno" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "count" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "len" (git-fixes). - xfs: disambiguate units for ftrace fields tagged "offset" (git-fixes). - xfs: make the key parameters to all btree key comparison functions const (git-fixes). - xfs: make the key parameters to all btree query range functions const (git-fixes). - xfs: make the keys and records passed to btree inorder functions const (git-fixes). - xfs: make the pointer passed to btree set_root functions const (git-fixes). - xfs: make the start pointer passed to btree alloc_block functions const (git-fixes). - xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes). - xfs: mark the record passed into btree init_key functions as const (git-fixes). - xfs: mark the record passed into xchk_btree functions as const (git-fixes). - xfs: remove xfs_btree_cur_t typedef (git-fixes). - xfs: rename i_disk_size fields in ftrace output (git-fixes). - xfs: resolve fork names in trace output (git-fixes). - xfs: standardize ag block number formatting in ftrace output (git-fixes). - xfs: standardize ag number formatting in ftrace output (git-fixes). - xfs: standardize daddr formatting in ftrace output (git-fixes). - xfs: standardize inode generation formatting in ftrace output (git-fixes). - xfs: standardize inode number formatting in ftrace output (git-fixes). - xfs: standardize remaining xfs_buf length tracepoints (git-fixes). - xfs: standardize rmap owner number formatting in ftrace output (git-fixes). - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes). - xhci: enable rpm on controllers that support low-power states (git-fixes). kernel-rt-5.14.21-150500.13.27.2.nosrc.rpm True kernel-rt-5.14.21-150500.13.27.2.x86_64.rpm True openSUSE-Leap-Micro-5.5-2023-4869 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). libtiff5-4.0.9-150000.45.35.1.x86_64.rpm tiff-4.0.9-150000.45.35.1.src.rpm libtiff5-4.0.9-150000.45.35.1.s390x.rpm libtiff5-4.0.9-150000.45.35.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-16 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for biosdevname fixes the following issues: Update to version 0.7.3.7.g495ab76 (bsc#1217455): * Add SMBIOS 3.x support * Read DMI entries from /sys/firmware/dmi/tables/DMI * Add buffer read helper using read explicitly * man: fix all_ethN indentation * Netronome biosdevname support (#8) * Prevent infinite recursion in dmidecode.c::smbios_setslot by (#7) * Add support for ExaNIC network cards (#5) biosdevname-0.7.3.7.g495ab76-150000.5.6.1.src.rpm biosdevname-0.7.3.7.g495ab76-150000.5.6.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2024-73 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for sssd fixes the following issues: - Only send cldap-ping to our local domain; (bsc#1217319); (gh#SSSD/sssd#5822) - Do not write kdc info file for GC lookup; (bsc#1217319); (gh#SSSD/sssd#5956) - sssd Unable to obtain cached rules filling up sssd_sudo.log libsss_certmap0-2.5.2-150500.10.11.1.x86_64.rpm libsss_idmap0-2.5.2-150500.10.11.1.x86_64.rpm libsss_nss_idmap0-2.5.2-150500.10.11.1.x86_64.rpm sssd-2.5.2-150500.10.11.1.src.rpm sssd-2.5.2-150500.10.11.1.x86_64.rpm sssd-common-2.5.2-150500.10.11.1.x86_64.rpm sssd-krb5-common-2.5.2-150500.10.11.1.x86_64.rpm sssd-ldap-2.5.2-150500.10.11.1.x86_64.rpm libsss_certmap0-2.5.2-150500.10.11.1.s390x.rpm libsss_idmap0-2.5.2-150500.10.11.1.s390x.rpm libsss_nss_idmap0-2.5.2-150500.10.11.1.s390x.rpm sssd-2.5.2-150500.10.11.1.s390x.rpm sssd-common-2.5.2-150500.10.11.1.s390x.rpm sssd-krb5-common-2.5.2-150500.10.11.1.s390x.rpm sssd-ldap-2.5.2-150500.10.11.1.s390x.rpm libsss_certmap0-2.5.2-150500.10.11.1.aarch64.rpm libsss_idmap0-2.5.2-150500.10.11.1.aarch64.rpm libsss_nss_idmap0-2.5.2-150500.10.11.1.aarch64.rpm sssd-2.5.2-150500.10.11.1.aarch64.rpm sssd-common-2.5.2-150500.10.11.1.aarch64.rpm sssd-krb5-common-2.5.2-150500.10.11.1.aarch64.rpm sssd-ldap-2.5.2-150500.10.11.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-62 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 libcrypt1-4.4.15-150300.4.7.1.x86_64.rpm libxcrypt-4.4.15-150300.4.7.1.src.rpm libxcrypt-devel-4.4.15-150300.4.7.1.x86_64.rpm libcrypt1-4.4.15-150300.4.7.1.s390x.rpm libxcrypt-devel-4.4.15-150300.4.7.1.s390x.rpm libcrypt1-4.4.15-150300.4.7.1.aarch64.rpm libxcrypt-devel-4.4.15-150300.4.7.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4962 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. curl-8.0.1-150400.5.41.1.src.rpm True curl-8.0.1-150400.5.41.1.x86_64.rpm True libcurl4-8.0.1-150400.5.41.1.x86_64.rpm True curl-8.0.1-150400.5.41.1.s390x.rpm True libcurl4-8.0.1-150400.5.41.1.s390x.rpm True curl-8.0.1-150400.5.41.1.aarch64.rpm True libcurl4-8.0.1-150400.5.41.1.aarch64.rpm True openSUSE-Leap-Micro-5.5-2023-4891 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) libncurses6-6.1-150000.5.20.1.x86_64.rpm ncurses-6.1-150000.5.20.1.src.rpm ncurses-utils-6.1-150000.5.20.1.x86_64.rpm terminfo-6.1-150000.5.20.1.x86_64.rpm terminfo-base-6.1-150000.5.20.1.x86_64.rpm libncurses6-6.1-150000.5.20.1.s390x.rpm ncurses-utils-6.1-150000.5.20.1.s390x.rpm terminfo-6.1-150000.5.20.1.s390x.rpm terminfo-base-6.1-150000.5.20.1.s390x.rpm libncurses6-6.1-150000.5.20.1.aarch64.rpm ncurses-utils-6.1-150000.5.20.1.aarch64.rpm terminfo-6.1-150000.5.20.1.aarch64.rpm terminfo-base-6.1-150000.5.20.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-70 low SUSE Updates openSUSE-Leap-Micro 5.5 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). tar-1.34-150000.3.34.1.src.rpm tar-1.34-150000.3.34.1.x86_64.rpm tar-1.34-150000.3.34.1.s390x.rpm tar-1.34-150000.3.34.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-26 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for mozilla-nss fixes the following issues: Mozilla NSS was updated to NSS 3.90.1 * regenerate NameConstraints test certificates. * add OSXSAVE and XCR0 tests to AVX2 detection. libfreebl3-3.90.1-150400.3.35.2.x86_64.rpm libsoftokn3-3.90.1-150400.3.35.2.x86_64.rpm mozilla-nss-3.90.1-150400.3.35.2.src.rpm mozilla-nss-3.90.1-150400.3.35.2.x86_64.rpm mozilla-nss-certs-3.90.1-150400.3.35.2.x86_64.rpm mozilla-nss-tools-3.90.1-150400.3.35.2.x86_64.rpm libfreebl3-3.90.1-150400.3.35.2.s390x.rpm libsoftokn3-3.90.1-150400.3.35.2.s390x.rpm mozilla-nss-3.90.1-150400.3.35.2.s390x.rpm mozilla-nss-certs-3.90.1-150400.3.35.2.s390x.rpm mozilla-nss-tools-3.90.1-150400.3.35.2.s390x.rpm libfreebl3-3.90.1-150400.3.35.2.aarch64.rpm libsoftokn3-3.90.1-150400.3.35.2.aarch64.rpm mozilla-nss-3.90.1-150400.3.35.2.aarch64.rpm mozilla-nss-certs-3.90.1-150400.3.35.2.aarch64.rpm mozilla-nss-tools-3.90.1-150400.3.35.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4945 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for xen fixes the following issues: - CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807). - CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654). Update to Xen 4.17.3 bug fix release (bsc#1027519). xen-4.17.3_02-150500.3.18.1.src.rpm xen-libs-4.17.3_02-150500.3.18.1.x86_64.rpm openSUSE-Leap-Micro-5.5-2023-4968 low SUSE Updates openSUSE-Leap-Micro 5.5 This update for jbigkit fixes the following issues: - CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). jbigkit-2.1-150000.3.5.1.src.rpm libjbig2-2.1-150000.3.5.1.x86_64.rpm libjbig2-2.1-150000.3.5.1.s390x.rpm libjbig2-2.1-150000.3.5.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-6 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for libssh2_org fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127). libssh2-1-1.11.0-150000.4.22.1.x86_64.rpm libssh2_org-1.11.0-150000.4.22.1.src.rpm libssh2-1-1.11.0-150000.4.22.1.s390x.rpm libssh2-1-1.11.0-150000.4.22.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2023-4966 critical SUSE Updates openSUSE-Leap-Micro 5.5 This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.1.5 (bsc#1217583) + Fix fallback path when IPv6 network path is not usable + Enable an IPv6 fallback path in IMDS access if it cannot be accessed over IPv4 + Enable IMDS access over IPv6 - Update to version 10.1.4 (bsc#1217451) + Fetch cert for new update server during failover cloud-regionsrv-client-10.1.5-150000.6.102.1.noarch.rpm cloud-regionsrv-client-10.1.5-150000.6.102.1.src.rpm cloud-regionsrv-client-addon-azure-1.0.5-150000.6.102.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-150000.6.102.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.102.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.3-150000.6.102.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.102.1.noarch.rpm openSUSE-Leap-Micro-5.5-2023-4965 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for ppp fixes the following issues: - CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251). ppp-2.4.7-150000.5.13.1.src.rpm ppp-2.4.7-150000.5.13.1.x86_64.rpm ppp-2.4.7-150000.5.13.1.s390x.rpm ppp-2.4.7-150000.5.13.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-147 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for ignition fixes the following issues: - Update to version 2.17.0: - Updates from version 2.16.x [jsc#SMO-314] [bsc#1217533]: - Fix segmentation fault if filesystem section of Ignition JSON doesn't contain path entry - Increased required Go version ignition-2.17.0-150500.3.3.1.src.rpm ignition-2.17.0-150500.3.3.1.x86_64.rpm ignition-dracut-grub2-2.17.0-150500.3.3.1.x86_64.rpm ignition-2.17.0-150500.3.3.1.s390x.rpm ignition-dracut-grub2-2.17.0-150500.3.3.1.s390x.rpm ignition-2.17.0-150500.3.3.1.aarch64.rpm ignition-dracut-grub2-2.17.0-150500.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-39 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for samba fixes the following issues: - Add idmap_nss option 'use_upn' for NSS modules able to handle UPNs or DOMAIN/user name format (bsc#1215369) - Avoid unnecessary locking in idmap parent setup (bsc#1215369) samba-4.17.12+git.455.b299ac1e60-150500.3.20.1.src.rpm samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.x86_64.rpm samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.s390x.rpm samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-54 important SUSE Updates openSUSE-Leap-Micro 5.5 This recommended update for NetworkManager fixes the following issues: - No-change rebuild to include NetworkManager-wwan in the SLE-Module-Desktop-Applications_15-SP5 channels (bsc#1218248) NetworkManager-1.38.6-150500.3.2.1.src.rpm NetworkManager-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-bluetooth-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-cloud-setup-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-pppoe-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-tui-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-wwan-1.38.6-150500.3.2.1.x86_64.rpm libnm0-1.38.6-150500.3.2.1.x86_64.rpm typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.x86_64.rpm NetworkManager-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-bluetooth-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-cloud-setup-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-pppoe-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-tui-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-wwan-1.38.6-150500.3.2.1.s390x.rpm libnm0-1.38.6-150500.3.2.1.s390x.rpm typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.s390x.rpm NetworkManager-1.38.6-150500.3.2.1.aarch64.rpm NetworkManager-bluetooth-1.38.6-150500.3.2.1.aarch64.rpm NetworkManager-cloud-setup-1.38.6-150500.3.2.1.aarch64.rpm NetworkManager-pppoe-1.38.6-150500.3.2.1.aarch64.rpm NetworkManager-tui-1.38.6-150500.3.2.1.aarch64.rpm NetworkManager-wwan-1.38.6-150500.3.2.1.aarch64.rpm libnm0-1.38.6-150500.3.2.1.aarch64.rpm typelib-1_0-NM-1_0-1.38.6-150500.3.2.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-145 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for btrfsprogs fixes the following issue: - btrfs-progs: fix defrag -c option parsing (bsc#1218029) btrfsprogs-5.14-150500.10.3.1.src.rpm btrfsprogs-5.14-150500.10.3.1.x86_64.rpm btrfsprogs-udev-rules-5.14-150500.10.3.1.noarch.rpm libbtrfs0-5.14-150500.10.3.1.x86_64.rpm btrfsprogs-5.14-150500.10.3.1.s390x.rpm libbtrfs0-5.14-150500.10.3.1.s390x.rpm btrfsprogs-5.14-150500.10.3.1.aarch64.rpm libbtrfs0-5.14-150500.10.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-124 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.src.rpm suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.x86_64.rpm suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.s390x.rpm suseconnect-ng-1.5.0~git0.d27a8e2-150500.3.9.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-136 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) pam-1.3.0-150000.6.66.1.src.rpm pam-1.3.0-150000.6.66.1.x86_64.rpm pam-1.3.0-150000.6.66.1.s390x.rpm pam-1.3.0-150000.6.66.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-105 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for grub2 and efibootmgr fixes the following issues: grub2: - Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr: - Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237) efibootmgr-17-150400.3.2.2.src.rpm efibootmgr-17-150400.3.2.2.x86_64.rpm efibootmgr-17-150400.3.2.2.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-160 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6606: Fixed an out-of-bounds read vulnerability in smbCalcSize in fs/smb/client/netmisc.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217947). - CVE-2023-6610: Fixed an out-of-bounds read vulnerability in smb2_dump_detail in fs/smb/client/smb2ops.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217946). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167). - Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167). - Documentation: KVM: update msr.rst reference (jsc#PED-7167). - Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167). - Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167). - Documentation: drop more IDE boot options and ide-cd.rst (git-fixes). - Documentation: qat: Use code block for qat sysfs example (git-fixes). - Drop Documentation/ide/ (git-fixes). - Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738) - Fix crash on screen resize (bsc#1218229) - Fix drm gem object underflow (bsc#1218092) - Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes). - Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git-fixes). - Revert "md: unlock mddev before reap sync_thread in action_store" (git-fixes). - Revert "swiotlb: panic if nslabs is too small" (git-fixes). - Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git-fixes). - Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces - acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes). - acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes). - acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes). - afs: Fix afs_server_list to be cleaned up with RCU (git-fixes). - afs: Fix dynamic root lookup DNS check (git-fixes). - afs: Fix file locking on R/O volumes to operate in local mode (git-fixes). - afs: Fix overwriting of result of DNS query (git-fixes). - afs: Fix refcount underflow from error handling race (git-fixes). - afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes). - afs: Fix use-after-free due to get/remove race in volume tree (git-fixes). - afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes). - afs: Return ENOENT if no cell DNS record can be found (git-fixes). - alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes). - alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes). - alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes). - alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes). - alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes). - alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes). - alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes). - alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes). - alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes). - alsa: hda/realtek: add new Framework laptop to quirks (git-fixes). - alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes). - alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes). - alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes). - alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes). - alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes). - alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes). - apparmor: Free up __cleanup() name (jsc#PED-7167). - arm64: dts: arm: add missing cache properties (git-fixes) - arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes) - arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes) - arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes) - arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167). - arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes) - arm: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes). - arm: PL011: Fix DMA support (git-fixes). - asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes). - asoc: hdmi-codec: fix missing report for jack initial status (git-fixes). - asoc: meson: g12a-toacodec: Fix event generation (git-fixes). - asoc: meson: g12a-toacodec: Validate written enum values (git-fixes). - asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes). - asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes). - asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes). - bitmap: unify find_bit operations (jsc#PED-7167). - block: fix revalidate performance regression (bsc#1216057). - bluetooth: Fix deadlock in vhci_send_frame (git-fixes). - bluetooth: L2CAP: Send reject on command corrupted request (git-fixes). - bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes). - bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461). - bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes). - bluetooth: hci_event: shut up a false-positive warning (git-fixes). - bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - bnxt: do not handle XDP in netpoll (jsc#PED-1495). - bnxt_en: Clear resource reservation during resume (jsc#PED-1495). - bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495). - bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495). - bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495). - bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495). - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes). - bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - cleanup: Make no_free_ptr() __must_check (jsc#PED-7167). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217). - clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167). - crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167). - crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167). - crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167). - crypto: ccp - Add a quirk to firmware update (jsc#PED-7167). - crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167). - crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167). - crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167). - crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167). - crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167). - crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167). - crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167). - crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167). - crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167). - crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167). - crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167). - crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167). - crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167). - crypto: ccp - remove unneeded semicolon (jsc#PED-7167). - crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167). - dm verity: initialize fec io before freeing it (git-fixes). - dm-verity: do not use blocking calls from tasklets (git-fixes). - dm: add cond_resched() to dm_wq_requeue_work() (git-fixes). - dm: do not attempt to queue IO under RCU protection (git-fixes). - dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952). - dm: fix improper splitting for abnormal bios (bsc#1215952). - dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021) - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes). - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139). - drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes). - drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes). - drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes). - drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes). - drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes). - drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes). - drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes). - drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes). - drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes). - drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes). - drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes). - drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes). - drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes). - drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes). - drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes). - drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes). - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes). - drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes). - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes). - drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes). - drm/i915/lvds: Use REG_BIT() & co (git-fixes). - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes). - drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes). - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes). - drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes). - drm/i915: Reject async flips with bigjoiner (git-fixes). - drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes). - drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167). - drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes). - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes). - efi/libstub: Implement support for unaccepted memory (jsc#PED-7167). - efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167). - efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167). - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167). - efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167). - efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167). - efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167). - efi: Add unaccepted memory support (jsc#PED-7167). - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167). - efi: libstub: install boot-time memory map as config table (jsc#PED-7167). - efi: libstub: remove DT dependency from generic stub (jsc#PED-7167). - efi: libstub: remove pointless goto kludge (jsc#PED-7167). - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167). - efi: libstub: unify initrd loading between architectures (jsc#PED-7167). - floppy: fix MAX_ORDER usage (jsc#PED-7167). - fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes). - fs/jfs: Add check for negative db_l2nbperpage (git-fixes). - fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes). - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes). - fs/remap: constrain dedupe of EOF blocks (git-fixes). - fs: avoid empty option when generating legacy mount string (git-fixes). - fs: fix an infinite loop in iomap_fiemap (git-fixes). - fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes). - genwqe: fix MAX_ORDER usage (jsc#PED-7167). - gfs2: Add wrapper for iomap_file_buffered_write (git-fixes). - gfs2: Check sb_bsize_shift after reading superblock (git-fixes). - gfs2: Clean up function may_grant (git-fixes). - gfs2: Fix filesystem block deallocation for short writes (git-fixes). - gfs2: Fix gfs2_release for non-writers regression (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - gfs2: Fix length of holes reported at end-of-file (git-fixes). - gfs2: Fix possible data races in gfs2_show_options() (git-fixes). - gfs2: Improve gfs2_make_fs_rw error handling (git-fixes). - gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes). - gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes). - gfs2: Switch from strlcpy to strscpy (git-fixes). - gfs2: fix an oops in gfs2_permission (git-fixes). - gfs2: gfs2_setattr_size error path fix (git-fixes). - gfs2: ignore negated quota changes (git-fixes). - gfs2: jdata writepage fix (git-fixes). - gfs2: use i_lock spin_lock for inode qadata (git-fixes). - gpiolib: sysfs: Fix error handling on failed export (git-fixes). - gve: Fixes for napi_poll when budget is 0 (git-fixes). - gve: Use size_add() in call to struct_size() (git-fixes). - hid: add ALWAYS_POLL quirk for Apple kb (git-fixes). - hid: glorious: fix Glorious Model I HID report (git-fixes). - hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes). - hid: hid-asus: reset the backlight brightness level on resume (git-fixes). - hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes). - hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes). - hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes). - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes). - i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes). - i2c: core: Fix atomic xfer check for non-preempt config (git-fixes). - i2c: designware: Fix corrupted memory seen in the ISR (git-fixes). - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372). - i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372). - i40e: Fix unexpected MFS warning message (jsc#PED-372). - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372). - i40e: fix misleading debug logs (jsc#PED-372). - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372). - i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372). - i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372). - ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes) - ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes) - igb: Avoid starting unnecessary workqueues (jsc#PED-370). - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370). - igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370). - igb: disable virtualization features on 82580 (jsc#PED-370). - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375). - igc: Expose tx-usecs coalesce setting to user (jsc#PED-375). - igc: Fix ambiguity in the ethtool advertising (jsc#PED-375). - igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375). - igc: Fix the typo in the PTM Control macro (jsc#PED-375). - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes). - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes). - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes). - iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes). - input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes). - input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes). - input: soc_button_array - add mapping for airplane mode button (git-fixes). - input: xpad - add HyperX Clutch Gladiate Support (git-fixes). - interconnect: Treat xlate() returning NULL node as an error (git-fixes). - iomap: Fix iomap_dio_rw return value for user copies (git-fixes). - iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167). - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes). - jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes). - jfs: fix array-index-out-of-bounds in diAlloc (git-fixes). - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes). - jfs: validate max amount of blocks before allocation (git-fixes). - kABI: Preserve the type of rethook::handler (git-fixes). - kABI: restore void return to typec_altmode_attention (git-fixes). - kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff - kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167) - kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167). - kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167). - kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167). - kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167). - kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167). - kconfig: fix memory leak from range properties (git-fixes). - kprobes: consistent rcu api usage for kretprobe holder (git-fixes). - kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167). - kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056). - kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933). - lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes). - libceph: use kernel_connect() (bsc#1217981). - locking: Introduce __cleanup() based infrastructure (jsc#PED-7167). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes). - md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes). - md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes). - md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes). - md/raid0: add discard support for the 'original' layout (git-fixes). - md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes). - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes). - md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes). - md/raid10: fix io loss while replacement replace rdev (git-fixes). - md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). - md/raid10: fix memleak for 'conf->bio_split' (git-fixes). - md/raid10: fix memleak of md thread (git-fixes). - md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes). - md/raid10: fix overflow of md/safe_mode_delay (git-fixes). - md/raid10: fix task hung in raid10d (git-fixes). - md/raid10: fix the condition to call bio_end_io_acct() (git-fixes). - md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). - md/raid10: prevent soft lockup while flush writes (git-fixes). - md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes). - md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes). - md/raid1: free the r1bio before waiting for blocked rdev (git-fixes). - md/raid1: hold the barrier until handle_read_error() finishes (git-fixes). - md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes). - md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes). - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes). - md: Put the right device in md_seq_next (bsc#1217822). - md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes). - md: avoid signed overflow in slot_store() (git-fixes). - md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes). - md: drop queue limitation for RAID1 and RAID10 (git-fixes). - md: raid0: account for split bio in iostat accounting (git-fixes). - md: raid10 add nowait support (git-fixes). - md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes). - md: restore 'noio_flag' for the last mddev_resume() (git-fixes). - md: select BLOCK_LEGACY_AUTOLOAD (git-fixes). - memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167). - memblock: make memblock_find_in_range method private (jsc#PED-7167). - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes). - misc: mei: client.c: return negative error code in mei_cl_write (git-fixes). - mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. - mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167). - mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167). - mm/slab: Add __free() support for kvfree (jsc#PED-7167). - mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167). - mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167). - mm: Add support for unaccepted memory (jsc#PED-7167). - mm: add pageblock_align() macro (jsc#PED-7167). - mm: add pageblock_aligned() macro (jsc#PED-7167). - mm: avoid passing 0 to __ffs() (jsc#PED-7167). - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). - mm: move kvmalloc-related functions to slab.h (jsc#PED-7167). - mm: new primitive kvmemdup() (jsc#PED-7167). - mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167). - mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes). - mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes). - mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes). - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes). - net/rose: Fix Use-After-Free in rose_ioctl (git-fixes). - net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes). - net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495). - net: ena: Destroy correct number of xdp queues upon failure (git-fixes). - net: ena: Fix XDP redirection error (git-fixes). - net: ena: Fix xdp drops handling due to multibuf packets (git-fixes). - net: ena: Flush XDP packets on error (git-fixes). - net: mana: select PAGE_POOL (git-fixes). - net: rfkill: gpio: set GPIO direction (git-fixes). - net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes). - net: usb: ax88179_178a: clean up pm calls (git-fixes). - net: usb: ax88179_178a: wol optimizations (git-fixes). - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes). - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes). - nfs: Fix O_DIRECT locking issues (bsc#1211162). - nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - nfs: Fix a potential data corruption (bsc#1211162). - nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162). - nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - nilfs2: fix missing error check for sb_set_blocksize call (git-fixes). - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes). - nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - null_blk: fix poll request timeout handling (git-fixes). - nvme-core: check for too small lba shift (bsc#1214117). - nvme-pci: Add sleep quirk for Kingston drives (git-fixes). - nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes). - nvme-pci: do not set the NUMA node of device if it has none (git-fixes). - nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes). - nvme-rdma: do not try to stop unallocated queues (git-fixes). - nvme: sanitize metadata bounce buffer for reads (git-fixes). - nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes). - of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167). - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes). - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes). - orangefs: Fix sysfs not cleanup when dev init failed (git-fixes). - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes). - padata: Fix refcnt handling in padata_free_shell() (git-fixes). - parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes). - pci: loongson: Limit MRRS to 256 (git-fixes). - perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167). - pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes). - platform/surface: aggregator: fix recv_buf() return value (git-fixes). - platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes). - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes). - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes). - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes). - platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes). - platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes). - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes). - platform/x86: wmi: Skip blocks with zero instances (git-fixes). - powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523). - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526). - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526). - qed: fix LL2 RX buffer allocation (jsc#PED-1526). - qede: fix firmware halt over suspend and resume (jsc#PED-1526). - qla2xxx: add debug log for deprecated hw detected (bsc#1216032). - r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes). - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes). - r8169: Fix PCI error on system resume (git-fixes). - rdma/bnxt_re: Correct module description string (jsc#PED-1495). - rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes) - rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes) - rdma/hfi1: Workaround truncation compilation error (git-fixes) - rdma/hns: Add check for SL (git-fixes) - rdma/hns: Fix printing level of asynchronous events (git-fixes) - rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes) - rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes) - rdma/hns: The UD mode can only be configured with DCQCN (git-fixes) - regmap: fix bogus error on regcache_sync success (git-fixes). - reiserfs: Check the return value from __getblk() (git-fixes). - reiserfs: Replace 1-element array with C99 style flex-array (git-fixes). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - reset: Fix crash when freeing non-existent optional resets (git-fixes). - restore renamed device IDs for USB HID devices (git-fixes). - rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes). - rethook: Use __rcu pointer for rethook::handler (git-fixes). - ring-buffer: Do not try to put back write_stamp (git-fixes). - ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes). - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes). - ring-buffer: Fix memory leak of free page (git-fixes). - ring-buffer: Fix slowpath of interrupted event (git-fixes). - ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes). - ring-buffer: Fix writing to the buffer with max_data_size (git-fixes). - ring-buffer: Force absolute timestamp on discard of event (git-fixes). - ring-buffer: Have saved event hold the entire event (git-fixes). - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes). - s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes). - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes). - serial: sc16is7xx: address RX timeout interrupt errata (git-fixes). - soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes). - spi: atmel: Fix clock issue when using devices with different polarities (git-fixes). - statfs: enforce statfs[64] structure initialization (git-fixes). - supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167) - swiotlb: always set the number of areas before allocating the pool (git-fixes). - swiotlb: do not panic! (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix debugfs reporting of reserved memory pools (git-fixes). - swiotlb: fix slot alignment checks (bsc#1216559). - swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes). - swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes). - swiotlb: reduce the number of areas to match actual memory pool size (git-fixes). - swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes). - swiotlb: use the calculated number of areas (git-fixes). - tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes). - tracing/kprobes: Fix the description of variable length arguments (git-fixes). - tracing/kprobes: Fix the order of argument descriptions (git-fixes). - tracing/perf: Add interrupt_context_level() helper (git-fixes). - tracing/synthetic: fix kernel-doc warnings (git-fixes). - tracing: Always update snapshot buffer size (git-fixes). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Disable snapshot buffer when stopping instance tracers (git-fixes). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix blocked reader of snapshot buffer (git-fixes). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036). - tracing: Have the user copy of synthetic event address use correct context (git-fixes). - tracing: Reuse logic from perf's get_recursion_context() (git-fixes). - tracing: Set actual size after ring buffer resize (git-fixes). - tracing: Stop current tracer when resizing buffer (git-fixes). - tracing: Update snapshot buffer on resize if it is allocated (git-fixes). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - ubifs: Fix memory leak of bud->log_hash (git-fixes). - ubifs: fix possible dereference after free (git-fixes). - usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes). - usb: aqc111: check packet for fixup for true limit (git-fixes). - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes). - usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes). - usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes). - usb: serial: option: add Quectel EG912Y module support (git-fixes). - usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes). - usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes). - virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167). - virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167). - virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167). - virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167). - virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167). - virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - wifi: cfg80211: Add my certificate (git-fixes). - wifi: cfg80211: fix certs build to not depend on file order (git-fixes). - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes). - wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes). - wifi: mac80211: mesh: check element parsing succeeded (git-fixes). - wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes). - x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes). - x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes). - x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes). - x86/alternatives: Sync core before enabling interrupts (git-fixes). - x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167). - x86/boot/compressed: Reserve more memory for page tables (git-fixes). - x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167). - x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167). - x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes). - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes). - x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167). - x86/cpu: Fix amd_check_microcode() declaration (git-fixes). - x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167). - x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927). - x86/entry: Do not allow external 0x80 interrupts (bsc#1217927). - x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes). - x86/fpu: Invalidate FPU state correctly on exec() (git-fixes). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/purgatory: Remove LTO flags (git-fixes). - x86/resctrl: Fix kernel-doc warnings (git-fixes). - x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167). - x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167). - x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167). - x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167). - x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167). - x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167). - x86/sev: Fix address space sparse warning (jsc#PED-7167). - x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167). - x86/sev: Mark snp_abort() noreturn (jsc#PED-7167). - x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167). - x86/sev: Use large PSC requests if applicable (jsc#PED-7167). - x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes). - x86/srso: Add SRSO mitigation for Hygon processors (git-fixes). - x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes). - x86/srso: Fix vulnerability reporting for missing microcode (git-fixes). - x86/tdx: Add unaccepted memory support (jsc#PED-7167). - x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167). - x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167). - x86/tdx: Refactor try_accept_one() (jsc#PED-7167). - x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167). - x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes). - xfs: Rename __xfs_attr_rmtval_remove (git-fixes). - xfs: Use kvcalloc() instead of kvzalloc() (git-fixes). - xfs: aborting inodes on shutdown may need buffer lock (git-fixes). - xfs: add selinux labels to whiteout inodes (git-fixes). - xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes). - xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes). - xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes). - xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes). - xfs: decode scrub flags in ftrace output (git-fixes). - xfs: dump log intent items that cannot be recovered due to corruption (git-fixes). - xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes). - xfs: fix agf_fllast when repairing an empty AGFL (git-fixes). - xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes). - xfs: fix silly whitespace problems with kernel libxfs (git-fixes). - xfs: fix uninit warning in xfs_growfs_data (git-fixes). - xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). - xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes). - xfs: remove kmem_alloc_io() (git-fixes). - xfs: remove the xfs_dinode_t typedef (git-fixes). - xfs: remove the xfs_dqblk_t typedef (git-fixes). - xfs: remove the xfs_dsb_t typedef (git-fixes). - xfs: rename xfs_has_attr() (git-fixes). - xfs: replace snprintf in show functions with sysfs_emit (git-fixes). - xfs: return EINTR when a fatal signal terminates scrub (git-fixes). - xfs: sb verifier does not handle uncached sb buffer (git-fixes). - xfs: simplify two-level sysctl registration for xfs_table (git-fixes). - xfs: sysfs: use default_groups in kobj_type (git-fixes). - xfs: use swap() to make dabtree code cleaner (git-fixes). - xhci: Clear EHB bit only at end of interrupt handler (git-fixes). kernel-default-5.14.21-150500.55.44.1.nosrc.rpm True kernel-default-5.14.21-150500.55.44.1.x86_64.rpm True kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.src.rpm True kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.x86_64.rpm True kernel-default-5.14.21-150500.55.44.1.s390x.rpm True kernel-default-5.14.21-150500.55.44.1.aarch64.rpm True kernel-default-base-5.14.21-150500.55.44.1.150500.6.19.2.aarch64.rpm True openSUSE-Leap-Micro-5.5-2024-140 important SUSE Updates openSUSE-Leap-Micro 5.5 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code libssh-0.9.8-150400.3.3.1.src.rpm libssh-config-0.9.8-150400.3.3.1.x86_64.rpm libssh4-0.9.8-150400.3.3.1.x86_64.rpm libssh-config-0.9.8-150400.3.3.1.s390x.rpm libssh4-0.9.8-150400.3.3.1.s390x.rpm libssh-config-0.9.8-150400.3.3.1.aarch64.rpm libssh4-0.9.8-150400.3.3.1.aarch64.rpm openSUSE-Leap-Micro-5.5-2024-115 important SUSE Updates openSUSE-Leap-Micro 5.5 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). - CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). The following non-security bugs were fixed: - Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167). - Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167). - Documentation: KVM: update msr.rst reference (jsc#PED-7167). - Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167). - Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167). - Documentation: drop more IDE boot options and ide-cd.rst (git-fixes). - Documentation: qat: Use code block for qat sysfs example (git-fixes). - Drop Documentation/ide/ (git-fixes). - Fix crash on screen resize (bsc#1218229) - Fix drm gem object underflow (bsc#1218092) - KVM: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167). - KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056). - KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933). - Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (git-fixes). - Revert "PCI: acpiphp: Reassign resources on bridge if necessary" (git-fixes). - Revert "md: unlock mddev before reap sync_thread in action_store" (git-fixes). - Revert "swiotlb: panic if nslabs is too small" (git-fixes). - Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1" (git-fixes). - USB: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes). - USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes). - USB: serial: option: add Quectel EG912Y module support (git-fixes). - USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes). - Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces - acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes). - acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes). - acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes). - afs: Fix afs_server_list to be cleaned up with RCU (git-fixes). - afs: Fix dynamic root lookup DNS check (git-fixes). - afs: Fix file locking on R/O volumes to operate in local mode (git-fixes). - afs: Fix overwriting of result of DNS query (git-fixes). - afs: Fix refcount underflow from error handling race (git-fixes). - afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes). - afs: Fix use-after-free due to get/remove race in volume tree (git-fixes). - afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes). - afs: Return ENOENT if no cell DNS record can be found (git-fixes). - alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes). - alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes). - alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes). - alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes). - alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes). - alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes). - alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes). - alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes). - alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes). - alsa: hda/realtek: add new Framework laptop to quirks (git-fixes). - alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes). - alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes). - alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes). - alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes). - alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes). - alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes). - alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes). - apparmor: Free up __cleanup() name (jsc#PED-7167). - arm64: dts: arm: add missing cache properties (git-fixes) - arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes) - arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes) - arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes) - arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167). - arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes) - arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes). - arm: pL011: Fix DMA support (git-fixes). - asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes). - asoc: hdmi-codec: fix missing report for jack initial status (git-fixes). - asoc: meson: g12a-toacodec: Fix event generation (git-fixes). - asoc: meson: g12a-toacodec: Validate written enum values (git-fixes). - asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes). - asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes). - asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes). - bitmap: unify find_bit operations (jsc#PED-7167). - block: fix revalidate performance regression (bsc#1216057). - bluetooth: Fix deadlock in vhci_send_frame (git-fixes). - bluetooth: L2CAP: Send reject on command corrupted request (git-fixes). - bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes). - bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461). - bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes). - bluetooth: hci_event: shut up a false-positive warning (git-fixes). - bluetooth: hci_qca: Fix the teardown problem for real (git-fixes). - bnxt: do not handle XDP in netpoll (jsc#PED-1495). - bnxt_en: Clear resource reservation during resume (jsc#PED-1495). - bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495). - bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495). - bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495). - bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495). - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495). - bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes). - bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes). - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980). - ceph: fix type promotion bug on 32bit systems (bsc#1217982). - cleanup: Make no_free_ptr() __must_check (jsc#PED-7167). - clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217). - clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217). - clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217). - clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217). - clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217). - clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217). - clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217). - clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217). - configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167). - crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167). - crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167). - crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167). - crypto: ccp - Add a quirk to firmware update (jsc#PED-7167). - crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167). - crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167). - crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167). - crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167). - crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167). - crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167). - crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167). - crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167). - crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167). - crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167). - crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167). - crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167). - crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167). - crypto: ccp - remove unneeded semicolon (jsc#PED-7167). - crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167). - dm verity: initialize fec io before freeing it (git-fixes). - dm-verity: do not use blocking calls from tasklets (git-fixes). - dm: add cond_resched() to dm_wq_requeue_work() (git-fixes). - dm: do not attempt to queue IO under RCU protection (git-fixes). - dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952). - dm: fix improper splitting for abnormal bios (bsc#1215952). - dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes). - dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021) - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes). - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139). - drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes). - drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes). - drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes). - drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes). - drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes). - drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes). - drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes). - drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes). - drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes). - drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes). - drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes). - drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes). - drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes). - drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes). - drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes). - drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes). - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes). - drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes). - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes). - drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes). - drm/i915/lvds: Use REG_BIT() & co (git-fixes). - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes). - drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes). - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes). - drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes). - drm/i915: Reject async flips with bigjoiner (git-fixes). - drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes). - drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167). - drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes). - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes). - efi/libstub: Implement support for unaccepted memory (jsc#PED-7167). - efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167). - efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167). - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167). - efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167). - efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167). - efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167). - efi: Add unaccepted memory support (jsc#PED-7167). - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167). - efi: libstub: install boot-time memory map as config table (jsc#PED-7167). - efi: libstub: remove DT dependency from generic stub (jsc#PED-7167). - efi: libstub: remove pointless goto kludge (jsc#PED-7167). - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167). - efi: libstub: unify initrd loading between architectures (jsc#PED-7167). - floppy: fix MAX_ORDER usage (jsc#PED-7167). - fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes). - fs/jfs: Add check for negative db_l2nbperpage (git-fixes). - fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes). - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes). - fs/remap: constrain dedupe of EOF blocks (git-fixes). - fs: avoid empty option when generating legacy mount string (git-fixes). - fs: fix an infinite loop in iomap_fiemap (git-fixes). - fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes). - genwqe: fix MAX_ORDER usage (jsc#PED-7167). - gfs2: Add wrapper for iomap_file_buffered_write (git-fixes). - gfs2: Check sb_bsize_shift after reading superblock (git-fixes). - gfs2: Clean up function may_grant (git-fixes). - gfs2: Fix filesystem block deallocation for short writes (git-fixes). - gfs2: Fix gfs2_release for non-writers regression (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - gfs2: Fix length of holes reported at end-of-file (git-fixes). - gfs2: Fix possible data races in gfs2_show_options() (git-fixes). - gfs2: Improve gfs2_make_fs_rw error handling (git-fixes). - gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes). - gfs2: Silence "suspicious RCU usage in gfs2_permission" warning (git-fixes). - gfs2: Switch from strlcpy to strscpy (git-fixes). - gfs2: fix an oops in gfs2_permission (git-fixes). - gfs2: gfs2_setattr_size error path fix (git-fixes). - gfs2: ignore negated quota changes (git-fixes). - gfs2: jdata writepage fix (git-fixes). - gfs2: use i_lock spin_lock for inode qadata (git-fixes). - gpiolib: sysfs: Fix error handling on failed export (git-fixes). - gve: Fixes for napi_poll when budget is 0 (git-fixes). - gve: Use size_add() in call to struct_size() (git-fixes). - hid: add ALWAYS_POLL quirk for Apple kb (git-fixes). - hid: glorious: fix Glorious Model I HID report (git-fixes). - hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes). - hid: hid-asus: reset the backlight brightness level on resume (git-fixes). - hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes). - hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes). - hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes). - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes). - i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes). - i2c: core: Fix atomic xfer check for non-preempt config (git-fixes). - i2c: designware: Fix corrupted memory seen in the ISR (git-fixes). - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372). - i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372). - i40e: Fix unexpected MFS warning message (jsc#PED-372). - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372). - i40e: fix misleading debug logs (jsc#PED-372). - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372). - i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372). - i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372). - ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes) - ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes) - igb: Avoid starting unnecessary workqueues (jsc#PED-370). - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370). - igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370). - igb: disable virtualization features on 82580 (jsc#PED-370). - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370). - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375). - igc: Expose tx-usecs coalesce setting to user (jsc#PED-375). - igc: Fix ambiguity in the ethtool advertising (jsc#PED-375). - igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375). - igc: Fix the typo in the PTM Control macro (jsc#PED-375). - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes). - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes). - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes). - iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes). - input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes). - input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes). - input: soc_button_array - add mapping for airplane mode button (git-fixes). - input: xpad - add HyperX Clutch Gladiate Support (git-fixes). - interconnect: Treat xlate() returning NULL node as an error (git-fixes). - iomap: Fix iomap_dio_rw return value for user copies (git-fixes). - iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167). - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes). - jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes). - jfs: fix array-index-out-of-bounds in diAlloc (git-fixes). - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes). - jfs: validate max amount of blocks before allocation (git-fixes). - kABI: Preserve the type of rethook::handler (git-fixes). - kABI: restore void return to typec_altmode_attention (git-fixes). - kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff - kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167) - kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167). - kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167). - kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167). - kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167). - kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167). - kconfig: fix memory leak from range properties (git-fixes). - kernel-source: Remove config-options.changes (jsc#PED-5021) - kprobes: consistent rcu api usage for kretprobe holder (git-fixes). - lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes). - libceph: use kernel_connect() (bsc#1217981). - locking: Introduce __cleanup() based infrastructure (jsc#PED-7167). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes). - md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes). - md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes). - md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes). - md/raid0: add discard support for the 'original' layout (git-fixes). - md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes). - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes). - md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes). - md/raid10: fix io loss while replacement replace rdev (git-fixes). - md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes). - md/raid10: fix memleak for 'conf->bio_split' (git-fixes). - md/raid10: fix memleak of md thread (git-fixes). - md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes). - md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes). - md/raid10: fix overflow of md/safe_mode_delay (git-fixes). - md/raid10: fix task hung in raid10d (git-fixes). - md/raid10: fix the condition to call bio_end_io_acct() (git-fixes). - md/raid10: fix wrong setting of max_corr_read_errors (git-fixes). - md/raid10: prevent soft lockup while flush writes (git-fixes). - md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes). - md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes). - md/raid1: free the r1bio before waiting for blocked rdev (git-fixes). - md/raid1: hold the barrier until handle_read_error() finishes (git-fixes). - md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes). - md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes). - md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes). - md: Put the right device in md_seq_next (bsc#1217822). - md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes). - md: avoid signed overflow in slot_store() (git-fixes). - md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes). - md: drop queue limitation for RAID1 and RAID10 (git-fixes). - md: raid0: account for split bio in iostat accounting (git-fixes). - md: raid10 add nowait support (git-fixes). - md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes). - md: restore 'noio_flag' for the last mddev_resume() (git-fixes). - md: select BLOCK_LEGACY_AUTOLOAD (git-fixes). - memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167). - memblock: make memblock_find_in_range method private (jsc#PED-7167). - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes). - misc: mei: client.c: return negative error code in mei_cl_write (git-fixes). - mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files. - mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167). - mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167). - mm/slab: Add __free() support for kvfree (jsc#PED-7167). - mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167). - mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167). - mm: Add support for unaccepted memory (jsc#PED-7167). - mm: add pageblock_align() macro (jsc#PED-7167). - mm: add pageblock_aligned() macro (jsc#PED-7167). - mm: avoid passing 0 to __ffs() (jsc#PED-7167). - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515). - mm: move kvmalloc-related functions to slab.h (jsc#PED-7167). - mm: new primitive kvmemdup() (jsc#PED-7167). - mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167). - mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes). - mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes). - mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes). - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes). - net/rose: Fix Use-After-Free in rose_ioctl (git-fixes). - net/smc: Fix pos miscalculation in statistics (bsc#1218139). - net/tg3: fix race condition in tg3_reset_task() (bsc#1217801). - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes). - net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495). - net: ena: Destroy correct number of xdp queues upon failure (git-fixes). - net: ena: Fix XDP redirection error (git-fixes). - net: ena: Fix xdp drops handling due to multibuf packets (git-fixes). - net: ena: Flush XDP packets on error (git-fixes). - net: mana: select PAGE_POOL (git-fixes). - net: rfkill: gpio: set GPIO direction (git-fixes). - net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes). - net: usb: ax88179_178a: clean up pm calls (git-fixes). - net: usb: ax88179_178a: wol optimizations (git-fixes). - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes). - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes). - nfs: Fix O_DIRECT locking issues (bsc#1211162). - nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162). - nfs: Fix a potential data corruption (bsc#1211162). - nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162). - nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162). - nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162). - nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162). - nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162). - nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162). - nilfs2: fix missing error check for sb_set_blocksize call (git-fixes). - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes). - nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692). - null_blk: fix poll request timeout handling (git-fixes). - nvme-core: check for too small lba shift (bsc#1214117). - nvme-pci: Add sleep quirk for Kingston drives (git-fixes). - nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes). - nvme-pci: do not set the NUMA node of device if it has none (git-fixes). - nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes). - nvme-rdma: do not try to stop unallocated queues (git-fixes). - nvme: sanitize metadata bounce buffer for reads (git-fixes). - nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes). - of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167). - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes). - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes). - orangefs: Fix sysfs not cleanup when dev init failed (git-fixes). - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes). - padata: Fix refcnt handling in padata_free_shell() (git-fixes). - parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes). - pci: loongson: Limit MRRS to 256 (git-fixes). - perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167). - pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes). - platform/surface: aggregator: fix recv_buf() return value (git-fixes). - platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes). - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes). - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes). - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes). - platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes). - platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes). - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes). - platform/x86: wmi: Skip blocks with zero instances (git-fixes). - powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523). - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526). - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526). - qed: fix LL2 RX buffer allocation (jsc#PED-1526). - qede: fix firmware halt over suspend and resume (jsc#PED-1526). - qla2xxx: add debug log for deprecated hw detected (bsc#1216032). - r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes). - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes). - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes). - r8169: Fix PCI error on system resume (git-fixes). - rdma/bnxt_re: Correct module description string (jsc#PED-1495). - rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes) - rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes) - rdma/hfi1: Workaround truncation compilation error (git-fixes) - rdma/hns: Add check for SL (git-fixes) - rdma/hns: Fix printing level of asynchronous events (git-fixes) - rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes) - rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes) - rdma/hns: The UD mode can only be configured with DCQCN (git-fixes) - regmap: fix bogus error on regcache_sync success (git-fixes). - reiserfs: Check the return value from __getblk() (git-fixes). - reiserfs: Replace 1-element array with C99 style flex-array (git-fixes). - remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569). - reset: Fix crash when freeing non-existent optional resets (git-fixes). - restore renamed device IDs for USB HID devices (git-fixes). - rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes). - rethook: Use __rcu pointer for rethook::handler (git-fixes). - ring-buffer: Do not try to put back write_stamp (git-fixes). - ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes). - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes). - ring-buffer: Fix memory leak of free page (git-fixes). - ring-buffer: Fix slowpath of interrupted event (git-fixes). - ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes). - ring-buffer: Fix writing to the buffer with max_data_size (git-fixes). - ring-buffer: Force absolute timestamp on discard of event (git-fixes). - ring-buffer: Have saved event hold the entire event (git-fixes). - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes). - s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357). - scsi: lpfc: use unsigned type for num_sge (bsc#1214747). - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes). - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes). - serial: sc16is7xx: address RX timeout interrupt errata (git-fixes). - soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes). - spi: atmel: Fix clock issue when using devices with different polarities (git-fixes). - statfs: enforce statfs[64] structure initialization (git-fixes). - supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167) - swiotlb: always set the number of areas before allocating the pool (git-fixes). - swiotlb: do not panic! (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix debugfs reporting of reserved memory pools (git-fixes). - swiotlb: fix slot alignment checks (bsc#1216559). - swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes). - swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes). - swiotlb: reduce the number of areas to match actual memory pool size (git-fixes). - swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes). - swiotlb: use the calculated number of areas (git-fixes). - tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes). - tracing/kprobes: Fix the description of variable length arguments (git-fixes). - tracing/kprobes: Fix the order of argument descriptions (git-fixes). - tracing/perf: Add interrupt_context_level() helper (git-fixes). - tracing/synthetic: fix kernel-doc warnings (git-fixes). - tracing: Always update snapshot buffer size (git-fixes). - tracing: Disable preemption when using the filter buffer (bsc#1217036). - tracing: Disable snapshot buffer when stopping instance tracers (git-fixes). - tracing: Fix a possible race when disabling buffered events (bsc#1217036). - tracing: Fix a warning when allocating buffered events fails (bsc#1217036). - tracing: Fix blocked reader of snapshot buffer (git-fixes). - tracing: Fix incomplete locking when disabling buffered events (bsc#1217036). - tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036). - tracing: Have the user copy of synthetic event address use correct context (git-fixes). - tracing: Reuse logic from perf's get_recursion_context() (git-fixes). - tracing: Set actual size after ring buffer resize (git-fixes). - tracing: Stop current tracer when resizing buffer (git-fixes). - tracing: Update snapshot buffer on resize if it is allocated (git-fixes). - tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036). - tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes). - uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978). - ubifs: Fix memory leak of bud->log_hash (git-fixes). - ubifs: fix possible dereference after free (git-fixes). - usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes). - usb: aqc111: check packet for fixup for true limit (git-fixes). - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes). - usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes). - usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). - usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes). - virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167). - virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167). - virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167). - virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167). - virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167). - virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167). - vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602). - wifi: cfg80211: Add my certificate (git-fixes). - wifi: cfg80211: fix certs build to not depend on file order (git-fixes). - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes). - wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes). - wifi: mac80211: mesh: check element parsing succeeded (git-fixes). - wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes). - x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes). - x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes). - x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes). - x86/alternatives: Sync core before enabling interrupts (git-fixes). - x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167). - x86/boot/compressed: Reserve more memory for page tables (git-fixes). - x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167). - x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167). - x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes). - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes). - x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167). - x86/cpu: Fix amd_check_microcode() declaration (git-fixes). - x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167). - x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927). - x86/entry: Do not allow external 0x80 interrupts (bsc#1217927). - x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes). - x86/fpu: Invalidate FPU state correctly on exec() (git-fixes). - x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790). - x86/purgatory: Remove LTO flags (git-fixes). - x86/resctrl: Fix kernel-doc warnings (git-fixes). - x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167). - x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167). - x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167). - x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167). - x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167). - x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167). - x86/sev: Fix address space sparse warning (jsc#PED-7167). - x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167). - x86/sev: Mark snp_abort() noreturn (jsc#PED-7167). - x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167). - x86/sev: Use large PSC requests if applicable (jsc#PED-7167). - x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes). - x86/srso: Add SRSO mitigation for Hygon processors (git-fixes). - x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes). - x86/srso: Fix vulnerability reporting for missing microcode (git-fixes). - x86/tdx: Add unaccepted memory support (jsc#PED-7167). - x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167). - x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167). - x86/tdx: Refactor try_accept_one() (jsc#PED-7167). - x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167). - x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167). - x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217). - x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217). - x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217). - x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes). - xfs: Rename __xfs_attr_rmtval_remove (git-fixes). - xfs: Use kvcalloc() instead of kvzalloc() (git-fixes). - xfs: aborting inodes on shutdown may need buffer lock (git-fixes). - xfs: add selinux labels to whiteout inodes (git-fixes). - xfs: clean up "%Ld/%Lu" which does not meet C standard (git-fixes). - xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes). - xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes). - xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes). - xfs: decode scrub flags in ftrace output (git-fixes). - xfs: dump log intent items that cannot be recovered due to corruption (git-fixes). - xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes). - xfs: fix agf_fllast when repairing an empty AGFL (git-fixes). - xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes). - xfs: fix silly whitespace problems with kernel libxfs (git-fixes). - xfs: fix uninit warning in xfs_growfs_data (git-fixes). - xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes). - xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes). - xfs: remove kmem_alloc_io() (git-fixes). - xfs: remove the xfs_dinode_t typedef (git-fixes). - xfs: remove the xfs_dqblk_t typedef (git-fixes). - xfs: remove the xfs_dsb_t typedef (git-fixes). - xfs: rename xfs_has_attr() (git-fixes). - xfs: replace snprintf in show functions with sysfs_emit (git-fixes). - xfs: return EINTR when a fatal signal terminates scrub (git-fixes). - xfs: sb verifier does not handle uncached sb buffer (git-fixes). - xfs: simplify two-level sysctl registration for xfs_table (git-fixes). - xfs: sysfs: use default_groups in kobj_type (git-fixes). - xfs: use swap() to make dabtree code cleaner (git-fixes). - xhci: Clear EHB bit only at end of interrupt handler (git-fixes). kernel-rt-5.14.21-150500.13.30.1.nosrc.rpm True kernel-rt-5.14.21-150500.13.30.1.x86_64.rpm True openSUSE-Leap-Micro-5.5-2024-149 moderate SUSE Updates openSUSE-Leap-Micro 5.5 This update for selinux-policy fixes the following issues: - Allow rebootmgr to read the system state (bsc#1205931) - Allow keepalived_t read+write kernel_t pipes (bsc#1216060) selinux-policy-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm selinux-policy-20230511+git13.edb03d70-150500.3.12.1.src.rpm selinux-policy-devel-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm selinux-policy-targeted-20230511+git13.edb03d70-150500.3.12.1.noarch.rpm